Setting up SNI for shared IP SSL

blaszlo

blaszlo

Verified User
Joined
Jun 9, 2008
Messages
116
Hello all,

I have read a bit about being able to use an SSL certificate through the vhost on a shared IP and also tried to accomplish this, but have been unsuccessful so far. A few threads here talk about it, but no real direction on how to accomplish it. Here are a couple...
http://www.directadmin.com/forum/showpost.php?p=191854&postcount=32
http://www.directadmin.com/features.php?id=1100

The latter link talks about a default option in directadmin.conf being
enable_ssl_sni=0
but I am not seeing this option anywhere in directamin.conf. I am currently running DA version 1.36.2 - but supposedly this option has been available since 1.36.1. Is this an option I should add to the direcadmin.conf file myself?

My other question is... Has anyone been able to successfully get SNI to work on their DA system without issues? I know I need to be running at least OpenSSL 0.9.8f and there are other prerequisites listed here. Is there a custombuild that includes all the pre-req's for this?

Third question is, once all the pre-req's are taken care of, how would I actually configure SNI? Thanks for the assistance!
 
blaszlo said:
The latter link talks about a default option in directadmin.conf being
enable_ssl_sni=0
but I am not seeing this option anywhere in directamin.conf. I am currently running DA version 1.36.2 - but supposedly this option has been available since 1.36.1. Is this an option I should add to the direcadmin.conf file myself?
Click to expand...
You need to set enable_ssl_sni=1 in your directadmin.conf file; the default (0) is set unless you create it as a new line with the required setting (1).
there are other prerequisites listed here. Is there a custombuild that includes all the pre-req's for this?
Click to expand...
The code may be there, waiting for you to make the above setting, on recent updates, but perhaps not. You may want to post this question in a custombuild thread, or post something there (or send a pm to smtalk to bring his attention to this post.
Third question is, once all the pre-req's are taken care of, how would I actually configure SNI?
Click to expand...
Good question. My understanding is that as long as you set up the Certificate properly for the domain, it should just work.

You may well be the early adopter here :).

Jeff
 
Figured I was an early adopter here. If I can get this configured properly, I suppose I'll need to write a how-to. PM sent to smtalk so I'm not flooding the forums with multiple posts to answer a single question. Thanks, as always, for your 2 cents Jeff.
 
Did you ever get an answer to this?

I'm considering the same setup now. I haven't started yet, but I'm researching the possibility.
 
@sdible:

I worked on this for what seemed like days on end and I feel like I came very close, but I did not get it configured because I gave up. I truly believe if that as long as you have all of the pre-requisites taken care of (I was trying to work around the pre-req's) you shouldn't have an issue. Let us know if you get it working.
 
You must log in or register to reply here.
Back
Top