Always-On SSL: What It Is and Why You Should Implement It
6 Replies
@centminmod:
Cheers shared it with folks at
https://community.letsencrypt.org/t/jus … ffic/671/3">https://community.letsencrypt.org/t/justification-for-encrypting-all-web-traffic/671/3 :)
Awesome! Thank you so much. I've been receiving traffic from that forum already.
Lets Encrypt is going to be a great service to the whole community
If the guy really meant on certificate per domain, I think you could still host multiple domains on one IP using SSL (well TLS) as long as you assign each one in the associated virtualhost config for each domain, though I've not tried that.
I do mean TLS. It's mentioned in my post.
jebblue,
You can comment using Disqus. You don't need a social media login. This is a great tip. I'll comment it on my post on your behalf. Thanks!
Interesting about the one IP per certificate issue/discussion. This was often the case, and Linode still accept using a trusted signed HTTPS SSL cert as justification for another IP address, but for many years it has been possible to serve multiple SSL certs on different domains from a single IP address. This is known as Server Name Indication (SNI) and works under Apache and IIS and other popular web servers that support TLS. It seems the major pitfall is that it isn't supported on any XP compatible version of IE, but I'm not sure that really matters to many of us in 2015.
I have never actually used this - I still use 1 IP per cert, but has anyone any real life experience of SNI they care to share?
Good article here:
Chris