Any workaround to run SNI supported sites on windows xp and IE8

StackOverflow https://stackoverflow.com/questions/23425433

  •  14-07-2023
  •  | 
  •  

Question

This question is asked multiple time and there are well briefed answers, IE on XP does not support

But we have problem that we have not enough public ips to assign for individual ssl based url. I have very basic question that can we run SNI sites(that points to single ip) on windowsXP and IE8.

We have some workarounds like, buy an other pool of IPS but that will really cost us a lot. Thanks

Was it helpful?

Solution

The only way to have multiple certificates on the same IP and port is to use SNI, and this needs a browser which can do SNI. Because you usually don't have control about the client you cannot force them to upgrade windows or use another browser on the same platform.

So if you really need to support multiple certificates on a single IP and cannot use SNI, your only option is to have the http server listen on different ports and setup the certificates based on the port. Note, that this might give you other problems, because non-standard port for https might be blocked by firewalls.

OTHER TIPS

The workarounds are. 1) make the default site one that tells people that internet explorer on XP is not supported, and is insecure, and to download firefox or chrome, and provides download links. This will hopefully convert customers to using the other browsers. 2) use different ports.

The muiti-domain cert will not help because only the first site in apache on port 443 on that ip will come up.

I know that this is a dollar late and a day short, but you could use a Multiple Domain (UCC) SSL certificate.

They are a little more expensive, but you can specify multiple domain names on one certificate.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top