如何在本地主机上的多个域和子域中使用 HTTPS?
我正在使用
- Apache
- Ruby 和 Ruby on Rails 3
- 运行“Snow Leopard”的
Mac Os ,并且我想在 localhost 上为我的域和子域使用 HTTPS。
我已经设置了所有内容(我认为正确):
- 我为我的域和子域生成了通配符证书(例如:*.sitename.com)
- 我已在
http.conf文件侦听端口:433和:80 - 我的浏览器也接受证书,如果它提醒我这些证书不安全,我可以使用 HTTPS 访问
页面官方 Apache 指南 我读到,使用基于名称的虚拟主机不可能做到这一点,但我也读到有人以某种方式做到了这一点(什么?!我不明白......)。
那么,是否可以在 localhost 中对多个域和子域使用 HTTPS?如果是这样,我必须“做什么”\“检查”才能使用它?
更新 for @sarnold
typhoeus 似乎使用 libcurl,并且 libcurl 似乎支持 SNI——是 你的 libcurl 版本足够新 支持SNI吗?伤寒知道怎么办吗 启用它? (libcurl 的客户端是否 需要自己“启用”SNI?)
我认为是这样,因为我可以通过 HTTPS 访问所有子域,并且应该更新 libcurl:
curl -V--version
curl 7.21.2 (x86_64-apple-darwin10.5.0) libcurl/7.21.2 OpenSSL/1.0.0c zlib/1.2.5 libidn/1.19
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM SSL libz
# Typhoeus request
Typhoeus::Request.get("https://<sub_domain_name>.<domain_name>.com/")
我如何检查“libcurl 的客户端是否需要自己“启用”它的 SNI?< /em>”?
I am using
- Apache
- Ruby and Ruby on Rails 3
- Mac Os running "Snow Leopard"
and I would like to use HTTPS on localhost for my domains and sub-domains.
I have already set everything (I think correctly):
- I generated a wildcard certificate for my domains and sub-domains (example: *.sitename.com)
- I have set base-named virtualhosts in the
http.conffile listening on port:433and:80 - My browser accept certificates also if it alerts me that those aren't safe and I can have access to pages using HTTPS
From the official Apache guide I read that it is not possible to do that using name-based virtualhost, but I also read someone that made that in some way (what?! I don't understand...).
So, is it possible or not to use HTTPS in localhost for multiple domains and sub-domains? If so, what I must "to do"\"to check" for working with that?
UPDATE for @sarnold
typhoeus appears to use libcurl, and
libcurl appears to support SNI -- is
your version of libcurl new enough to
support SNI? Does typhoeous know how
to enable it? (Do clients of libcurl
need to "enable" it SNI themselves?)
I think so because I can access all sub_domains over HTTPS and libcurl should be updated:
curl -V--version
curl 7.21.2 (x86_64-apple-darwin10.5.0) libcurl/7.21.2 OpenSSL/1.0.0c zlib/1.2.5 libidn/1.19
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM SSL libz
# Typhoeus request
Typhoeus::Request.get("https://<sub_domain_name>.<domain_name>.com/")
How can I check if "Do clients of libcurl need to "enable" it SNI themselves?"?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 SSL/TLS 的基于名称的虚拟服务器的技术并不好选择,但服务器名称指示扩展允许浏览器按名称请求特定站点,从而允许使用不同的证书用于不同的站点。并非所有浏览器都支持 SNI。
尽管有人可能会问,如果多个证书都是在同一进程中以相同的权限提供的,那么拥有多个证书有什么价值,但任何改善用户 TLS 体验的努力都是值得的。 :)
The techniques for doing name-based virtual servers with SSL/TLS aren't great choices, but the Server Name Indication extension allows browsers to request a specific site by name, allowing different certificates to be used with different sites. Not all browsers support SNI yet.
Though one might ask what value there is is in having multiple certificates if they are all served out of the same process with the same privileges, anything to improve the user's TLS experience has to be worth the hassle. :)