So, I wanted encrypted access to multiple websites

July 13th, 2008

Serving multiple websites with encrypted access from a single server has traditionally meant adding one IP address per website. However, that is no longer necessary now that modern web browsers support Server Name Indication (SNI), which lets multiple HTTPS websites share a single IP address. All that is needed is to enable support for this on your web server.
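How a server can tell the sites apart on one IP address, as an added example that is not part of the original post: the browser puts the requested host name in the `server_name` extension of its unencrypted ClientHello, and the server picks a certificate from it. The host names, certificate file names and the fall-back to a default certificate are assumptions made for the illustration, and the ClientHello bytes are constructed sample input.

```python
import struct

# Hypothetical name-to-certificate map for two sites sharing one IP address.
CERTS = {"www.example.org": "example.org.crt", "shop.example.net": "example.net.crt"}
DEFAULT_CERT = "example.org.crt"  # assumption: the default site's certificate

def build_client_hello(host=None):
    """Constructed sample input: a minimal ClientHello handshake message."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # ServerNameList
        ext = struct.pack("!HH", 0, len(sni)) + sni            # extension 0 = server_name
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def extract_sni(hello):
    """Return the host name a ClientHello asks for, or None if absent or malformed."""
    try:
        end = 4 + int.from_bytes(hello[1:4], "big")
        if hello[0] != 1 or end > len(hello):
            return None
        p = 4 + 2 + 32                                   # header, version, random
        p += 1 + hello[p]                                # session_id
        p += 2 + struct.unpack_from("!H", hello, p)[0]   # cipher_suites
        p += 1 + hello[p]                                # compression_methods
        if p + 2 > end:
            return None                                  # no extensions: pre-SNI client
        ext_end = min(end, p + 2 + struct.unpack_from("!H", hello, p)[0])
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack_from("!HH", hello, p)
            p += 4
            if etype == 0:                               # server_name
                ntype, nlen = struct.unpack_from("!BH", hello, p + 2)
                name = hello[p + 5:p + 5 + nlen]
                if ntype != 0 or len(name) != nlen or p + 5 + nlen > ext_end:
                    return None
                return name.decode("ascii").lower()
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def pick_certificate(hello):
    """Choose the certificate before encryption starts; unknown names get the default."""
    return CERTS.get(extract_sni(hello), DEFAULT_CERT)
```

A client that sends no `server_name` extension gets the default certificate here, so on any site other than the default one it would see a name mismatch.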

On the Linux distribution I use on my servers, CentOS 4, that was a bit tricky. My first plan was to update the openssl package to a version that supports SNI, but that turned out to be seriously difficult, since the library has changed major version between the version shipped in CentOS 4 and the version that includes SNI support, and that would mean recompiling many parts of the core system.

However, I found that there is an alternative Apache module to the mod_ssl shipping in CentOS, called mod_gnutls. It provides the same basic functionality but does so without using the openssl library. So, I pulled the latest stable version of mod_gnutls and made an RPM package of it. It depended on newer versions of a few packages that I could pull from Fedora rawhide and recompile for CentOS 4. If you want to use the packages I built, they are available from a special yum repository. Adding this repository and installing mod_gnutls will upgrade the system-provided libgcrypt and gnutls packages to newer versions.

