Re: [Proftpd-devel] SSL per vhost possible ?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> Just wondering if it is possible to have a per vhost SSL config, so each 
> vhost can have its own SSL certificate as it is possible with apache.
>
> Currently I don't see how this could be established.

This should be possible, yes, especially using the latest 1.3.8 release.

The way it works is via the new ServerAlias directive:

  <VirtualHost 1.2.3.4>
    Port 21
    ServerAlias myftphost.example.com
    TLSEngine on
    ...
  </VirtualHost>

  <VirtualHost 1.2.3.4>
    Port 21
    ServerAlias myotherftphost.example.com
    TLSEngine on
    ...
  </VirtualHost>

If you use a DNS name for the <VirtualHost> line, rather than an IP address, ProFTPD automatically adds a "ServerAlias" setting for that name.

With these, things should work as you expect.  The FTPS-capable client _should_, in its TLS handshake, send the Server Name Indicator (SNI) field, whose name will match one of the named <VirtualHost> sections -- and mod_tls will notice this, and update/use all of that vhost certificates/keys, etc.

Hope this helps,
TJ