简体繁体 English

在cPanel中设置SNI / SSL

[英]Setup SNI/SSL in cPanel

原文 2011-11-29 22:29:12 8 2 ssl/ cpanel/ sni

I am looking to setup SNI under cPanel, and while I know it's not directly supported just yet: 我希望在cPanel下设置SNI，虽然我知道它还没有直接支持：
http://forums.cpanel.net/f145/case-46856-sni-server-name-indicator-ssl-support-cpanel-83661.html http://forums.cpanel.net/f145/case-46856-sni-server-name-indicator-ssl-support-cpanel-83661.html

That doesn't mean it can't be done as far as I'm aware. 这并不意味着就我所知，它无法完成。

Does anyone know a guide or have any advice as where to look to set it up? 有没有人知道指南或有任何建议，如何设置它？

Any help would be greatly appreciated. 任何帮助将不胜感激。

-------- UPDATE -------- --------更新--------

I found this link which details how to set it up on Apache but have been told that cPanel overrides the config files: 我找到了这个链接，详细说明了如何在Apache上设置它，但是被告知cPanel会覆盖配置文件：
http://www.techrepublic.com/blog/opensource/configure-apache-to-support-multiple-ssl-sites-on-a-single-ip-address/987 http://www.techrepublic.com/blog/opensource/configure-apache-to-support-multiple-ssl-sites-on-a-single-ip-address/987

2 个解决方案

WHM 11.38 now supports SNI: WHM 11.38现在支持SNI：
http://blog.cpanel.net/ssl-improvements-for-cpanel-whm/ http://blog.cpanel.net/ssl-improvements-for-cpanel-whm/

Server Name Indicator (SNI) 服务器名称指示符（SNI）

Currently, it's common for each SSL Certificate to require its own dedicated IP address. 目前，每个SSL证书都需要自己的专用IP地址。 The cost of this address is typically being passed down to the end user. 此地址的成本通常会传递给最终用户。

SNI is able to change this paradigm by indicating what hostname the client is connecting to at the start of the handshake process. SNI能够通过在握手过程开始时指示客户端连接到哪个主机名来更改此范例。 This allows a server to have multiple certificates all installed on the same IP address. 这允许服务器在同一IP地址上安装多个证书。 Users on shared servers, that support SNI, will be able to install their own certificates and bypass the need for a dedicated address. 支持SNI的共享服务器上的用户将能够安装自己的证书并绕过对专用地址的需求。 While this saves on the cost of the dedicated IP address, this also helps reduce the need for extra addresses. 虽然这节省了专用IP地址的成本，但这也有助于减少额外地址的需求。

In order to experience the full benefit of SNI in cPanel & WHM 11.38, an operating system that supports this functionality will be needed as well. 为了在cPanel和WHM 11.38中体验SNI的全部优势，还需要一个支持此功能的操作系统。 CentOS 6 is a prime example of such an operating system. CentOS 6是这种操作系统的一个主要例子。

This is the closest I've seen, using mod_gnutls. 这是我见过的最接近的mod_gnutls。 http://blog.dembowski.net/2011/10/28/sni-on-centos-5-6-mod_gnutls/ http://blog.dembowski.net/2011/10/28/sni-on-centos-5-6-mod_gnutls/

Apparently installing an updated OpenSSL can break lots of other tools and if you install a separate copy you still have to compile Apache to use that one, which breaks the autoupdater. 显然安装更新的OpenSSL可能会破坏许多其他工具，如果你安装一个单独的副本，你仍然需要编译Apache来使用那个，这打破了autoupdater。