No need to enable SNI for multiple SSL sites on same IP but using same wild card certificate?

No need to enable SNI for multiple SSL sites on same IP but using same wild card certificate?

I have an IIS server hosting: mydomain.com sub1.mydombain.com sub2.mydomain.com They are listed as 3 separate sites under IIS, all bind to the same IP over HTTPS on 443. But they all use the same SSL certificate which is a wild card certificate covering .mydomain.com In this scenario, my understanding is that SNI isnt necessary, because whichever certificate the server serves for any request which is the same certificate will work for all sites anyway, correct I tested it myself and it seems to be working, but I just want to make sure doing so wont cause any unexpected ill results for certain users I do not want to use SNI if possible because I do want Windows XP support for these sites Out of curiosity, I do want to know when you have a setup like this multiple sites over SSL on same IP but not enable SNI, how exactly does IIS decide which certificate to serve the first 443 binding on an IP Or the last one used Furthermore, if this setup works, in the future if I were to add mydomain2.com into the same IIS server, and using a different SSL certificate, can I enable SNI for mydomain2.com only and not affect the other 3 sites Thanks.

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

Skipping acquire of configured file 'contrib/binary-i386/Packages' as repository … doesn't support architecture 'i386'

Skipping acquire of configured file 'contrib/binary-i386/Packages' as repository … doesn't support architecture 'i386' I installed Ubuntu 18.04 and then while installing Virtualbox i get the i386 error message after I did: sudo apt-get update Get:1 http:nl.archive.ubuntu.comubuntu bionic InRelease 242 kB Hit:2 http:security.ubuntu.comubuntu bionic-security InRelease Hit:3 http:ppa.launchpad.netdanielrichter2007grub-customizerubuntu bionic InRelease Hit:4 http:nl.archive.ubuntu.comubuntu bionic-updates InRelease Hit:5 http:nl.archive.ubuntu.comubuntu bionic-backports InRelease Get:6 http:download.virtualbox.orgvirtualboxdebian bionic InRelease 4429 B Get:7 http:download.virtualbox.orgvirtualboxdebian bioniccontrib amd64 Packages 1426 B Fetched 248 kB in 1s 209 kBs Reading package lists... Done N: Skipping acquire of configured file contribbinary-i386Packages as repository http:download.virtualbox.orgvirtualboxdebian bionic InRelease doesnt support architecture i386 ...
Далее...

Connection string for MariaDB using ODBC

Connection string for MariaDB using ODBC What is the connection string for using MariaDB with ODBC Im guessing its something like DRIVERMariaDB ODBC 5.1 Driver; SERVERLOCALHOST; PORT3306; DATABASEDatabaseName; UIDroot; PASSWORDpassword;OPTION3; Connection strings seems to show strings for MySQL but not MariaDB. MariaDB seems to have a lot of connection strings for Access, SQL Lite, excel, etc ... What have I missed Although this is late answer, but MariaDB have that documented here SQLWCHAR ConnStr LDriverMariaDB ODBC 2.0 Driver;Serverlocalhost;UIDodbc_user;PWDodbc_pw;DBodbc_test;Port3306;
Далее...

Celery like system based on django channels

Celery like system based on django channels According to the docs of django channels: http:channels.readthedocs.ioenlatestconcepts.htmlhighlightcelerynext-steps One thing channels do not do, however, is guarantee delivery. If you need certainty that tasks will complete, use a system designed for this with retries and persistence e.g. Celery, or alternatively make a management command that checks for completion and re-submits a message to the channel if nothing is completed rolling your own retry logic, essentially. I worked with celery some years ago. Yes, it is great, it is big, it is too much. I would like to avoid it. I am searching a simple tasks queue with guarantee delivery and a re-submission on failure. An other alternative would be python-rq. But this has other disadvantages like using pickle data format instead of json. A friend gave me an advice: https:github.comfurious-lukedjango-cq Looks good. From the docs An attempt to implement a distributed task queue ...
Далее...