Apache SNI is not needed what is the issue?

I read this article and still don't understand the issue.

If I understand correctly the client negotiates after the first SSL connection and then gets the correct hostname and thus correct certificate.

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To their credit I know I'm not using SNI becuase I get this message in the Apache log :)

[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!

But once again I don't get the issue.  SSL works fine with my name based vhosts and allows me to use a shared certificate by default and if I want a "real certificate" I just buy another IP from my provider, assign it to the right domain and buy the new certificate and set it up.

To put it in perspective I've used this for years on my own manual websites, using Name Based vhosts and a shared SSL certificate AND sites with separate IPs that have their own without issue.  SNI sounds like it is not as widely as supported by clients as normal SSL connections.

I guess the only real benefit of SNI is the ability to serve multiple unique certificates without a separate IP being required, but I don't see this being an issue for most people unless they're on a real budget.

I do agree at some point in the future it may be a problem, but by then IPV6 should be widely adopted and IPs will no longer again be an issue.


Tags:

apache, sni, correctly, negotiates, ssl, hostname, thus, certificate, http, wiki, org, httpd, namebasedsslvhostswithsni, becuase, init, virtual, hosts, conjunction, vhosts, allows, default, quot, ip, provider, assign, domain, ve, manual, websites, sites, ips, widely, supported, connections, multiple, certificates, ipv,

Latest Articles

  • ImageMagick Convert PDF Not Authorized
  • ImageMagick Converted PDF to JPEG some files have a black background solution
  • Linux Mint Mate Customize the Lock screen messages and hide username and real name
  • Ubuntu/Gnome/Mint/Centos How To Take a partial screenshot
  • ssh how to verify your host key / avoid MIM attacks
  • Cisco IP Phone CP-8845 8800/8900 Series How To Reset To Factory Settings Instructions
  • ls how to list ONLY directories
  • How to encrypt your SSH private key file id_rsa
  • Linux Mint 18 Disable User Name List from showing on Login Screen
  • Firefox Cannot Hit Enter Key In Address Bar and Location History Not Working
  • Cisco Unified Communications Manager / CUCM IP 8.6,10,12 Install Error Solution
  • Ubuntu Debian Mint Linux SSHD OpenSSH Server Not Starting After Reboot Solution
  • nmap how to scan for all ports and not just the 1000 most common ports
  • Windows 7,8,10 and Server 2008, 2012, 2016, 2019 Read Only Attribute Won't Go Away
  • bind / named how to make a wildcard record and retain defined A records
  • Cisco Unified Communications Manager 12 Install Errors on Proxmox/KVM
  • Local Vs Universally Administered MAC Address NIC Refuses to come up
  • Cisco Unified Communications Manager 12 CUCM 12 - How To Enable Video Calling
  • Windows 7, 8, 10, Windows Server 2008, 2012, 2016, 2019 How To AC97 Audio Drivers and Other Unsigned Drivers
  • Cisco Unified Communications Manager / CUCM IP Telephony Definitions