[Modules] Dynamically loading certificates.
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Sep 15 17:09:33 EDT 2008
Adam Hasselbalch Hansen wrote:
> Hi there.
>
> I would like to hear opinions and ideas on loading certificate files at
> request time, rather than at server startup.
>
> We are hosting several thousand domains. As such, it is unfeasible to
> define static vhosts for every single one. Instead, through an in-house
> Apache module, we dynamically serve domains based on the incoming request.
>
> Now, we want to offer customers SSL-access to their domains, with
> individual certificates.
>
> So, I want to be able to read in certificate files based on what
> request_rec knows, and without knowing anything about the available
> domains (and thus, certificate files) at server startup. Is there any
> way to do this easily, or does this require major redesigns of the
> certificate handling inside the module?
If you want to do it efficiently probably you should hack mod_gnutls for
a while. Currently it loads the certificates on startup. Doing it on
runtime it needs to be done with some caching in mind or you will end up
having a slow site.
regards,
Nikos
More information about the Modules
mailing list