From: TJ S. <tj...@ca...> - 2023-05-17 22:50:58
|
> Just wondering if it is possible to have a per vhost SSL config, so each > vhost can have its own SSL certificate as it is possible with apache. > > Currently I don't see how this could be established. This should be possible, yes, especially using the latest 1.3.8 release. The way it works is via the new ServerAlias directive: <VirtualHost 1.2.3.4> Port 21 ServerAlias myftphost.example.com TLSEngine on ... </VirtualHost> <VirtualHost 1.2.3.4> Port 21 ServerAlias myotherftphost.example.com TLSEngine on ... </VirtualHost> If you use a DNS name for the <VirtualHost> line, rather than an IP address, ProFTPD automatically adds a "ServerAlias" setting for that name. With these, things should work as you expect. The FTPS-capable client _should_, in its TLS handshake, send the Server Name Indicator (SNI) field, whose name will match one of the named <VirtualHost> sections -- and mod_tls will notice this, and update/use all of that vhost certificates/keys, etc. Hope this helps, TJ |