[Modules] Dynamically loading certificates.

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Sep 15 17:09:33 EDT 2008


Adam Hasselbalch Hansen wrote:
> Hi there.
> 
> I would like to hear opinions and ideas on loading certificate files at 
> request time, rather than at server startup.
> 
> We are hosting several thousand domains. As such, it is unfeasible to 
> define static vhosts for every single one. Instead, through an in-house 
> Apache module, we dynamically serve domains based on the incoming request.
> 
> Now, we want to offer customers SSL-access to their domains, with 
> individual certificates.
> 
> So, I want to be able to read in certificate files based on what 
> request_rec knows, and without knowing anything about the available 
> domains (and thus, certificate files) at server startup. Is there any 
> way to do this easily, or does this require major redesigns of the 
> certificate handling inside the module?

If you want to do it efficiently probably you should hack mod_gnutls for
a while. Currently it loads the certificates on startup. Doing it on
runtime it needs to be done with some caching in mind or you will end up
having a slow site.

regards,
Nikos





More information about the Modules mailing list