Apache SNI is not needed what is the issue?

I read this article and still don't understand the issue.

If I understand correctly the client negotiates after the first SSL connection and then gets the correct hostname and thus correct certificate.

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To their credit I know I'm not using SNI becuase I get this message in the Apache log :)

[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!

But once again I don't get the issue.  SSL works fine with my name based vhosts and allows me to use a shared certificate by default and if I want a "real certificate" I just buy another IP from my provider, assign it to the right domain and buy the new certificate and set it up.

To put it in perspective I've used this for years on my own manual websites, using Name Based vhosts and a shared SSL certificate AND sites with separate IPs that have their own without issue.  SNI sounds like it is not as widely as supported by clients as normal SSL connections.

I guess the only real benefit of SNI is the ability to serve multiple unique certificates without a separate IP being required, but I don't see this being an issue for most people unless they're on a real budget.

I do agree at some point in the future it may be a problem, but by then IPV6 should be widely adopted and IPs will no longer again be an issue.


Tags:

apache, sni, correctly, negotiates, ssl, hostname, thus, certificate, http, wiki, org, httpd, namebasedsslvhostswithsni, becuase, init, virtual, hosts, conjunction, vhosts, allows, default, quot, ip, provider, assign, domain, ve, manual, websites, sites, ips, widely, supported, connections, multiple, certificates, ipv,

Latest Articles

  • How to install Windows or other OS and then bring to another computer by using a physical drive and Virtual Machine with QEMU
  • PXE-E23 Error BOOTx64.EFI GRUB booting is 0 bytes tftp pxe dhcp solution NBP filesize is 0 Bytes
  • vagrant install on Debian Mint Ubuntu Linux RHEL Quick Setup Guide Tutorial
  • RHEL 8 CentOS 8, Alma Linux 8, Rocky Linux 8 System Not Booting with RAID or on other servers/computers Solution for dracut and initramfs missing kernel modules
  • How to Upgrade to Debian 11 from Version 8,9,10
  • Ubuntu Linux Mint Debian Redhat Cannot View Files on Android iPhone USB File Transfer Not Working Solution
  • Virtualbox Best Networking Mode In Lab/Work Environment without using NAT Network or Bridged
  • debootstrap how to install Ubuntu, Mint, Debian install
  • Linux grub not using UUID for the root device instead it uses /dev/sda1 or other device name solution
  • How To Restore Partition Table on Running Linux Mint Ubuntu Debian Machine
  • Debian Ubuntu apt install stop daemon questions/accept the default action without prompting
  • iptables NAT how to enable PPTP in newer Debian/Ubuntu/Mint Kernels Linux
  • Grandstream Phone Vulnerability Security Issue Remote Backdoor Connection to 207.246.119.209:3478
  • Linux How to Check Which NIC is Onboard eth0 or eth1 Ubuntu Centos Debian Mint
  • VboxManage VirtualBox NAT Network Issues Managment Troubleshooting
  • Dell PowerEdge Server iDRAC Remote KVM/IP Default Username, Password Reset and Login Information Solution
  • Nvidia Tesla GPUs K40/K80/M40/P40/P100/V100 at home/desktop hacking, cooling, powering, cable solutions Tutorial AIO Solutions
  • Stop ls in Linux Debian Mint CentOS Ubuntu from applying quotes around filenames and directory names
  • Thunderbird Attachment Download Error Corrupt Wrong filesize of 29 or 27 bytes Solution
  • Generic IP Camera LAN Default IP Settings DVR