
Re: SSL virtualhosting with apache-ssl w/multiple certs



On Thu, Aug 22, 2002 at 11:28:13PM -0700, nate wrote:
> I have a few SSL sites running as virtual hosts on my
> system, and I want to stick to using only 1 of my available
> IP addresses for them.
> 
> The issue is apache-ssl seems to use only the first cert it
> finds. When I load it, it says it is loading the different
> certs, but when I access the different sites they are all using
> the same cert.
> 
> I would like to have more proper certificates by having the
> hostname for each site in its own cert, but to avoid too
> many SSL complaints from the browsers I'm forced to use
> "*" as the hostname, that way all the hosts work without
> complaint.
> 
> Is doing the above possible without using separate IPs
> for each site, or even separate ports for each server?

Unfortunately not, as it's out of the web server's control. The problem
is that the SSL session has to be started before the Host: header is
read from the client. As a result, the only way the server can find out
what certificate to send is by looking at the IP/port combination on
which it's received the request. This applies to any SSL-capable web
server.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
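
The ordering described in the reply above, as an added example that is not part of the original thread: a TLS client is driven in memory to show that its first bytes are a handshake message and that the HTTP request carrying Host: cannot leave until the server has answered. The listener addresses, certificate paths and hostname are constructed placeholders, and the client is created without a server_hostname so that its hello names no site, as assumed in the reply.

```python
import ssl

# Hypothetical listener-to-certificate map: the key is the local IP/port
# the connection arrived on, never a hostname. Paths are placeholders.
CERTS_BY_LISTENER = {
    ("192.0.2.10", 443): "/etc/ssl/site-a.pem",
    ("192.0.2.11", 443): "/etc/ssl/site-b.pem",
    ("192.0.2.10", 8443): "/etc/ssl/site-c.pem",
}


def client_opening_flight(host="site-b.example.test"):
    """Run a TLS client in memory; return (bytes_it_sent, request_was_sent)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # no real server here, nothing to verify
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)   # no server_hostname given
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()

    try:
        tls.do_handshake()              # emits the ClientHello, then must wait
    except ssl.SSLWantReadError:
        pass                            # waiting for the server's certificate

    request_sent = False
    try:
        tls.write(request)              # application data needs a finished handshake
        request_sent = True
    except ssl.SSLWantReadError:
        pass                            # still blocked on the server's reply
    return outgoing.read(), request_sent


def pick_certificate(local_ip, local_port, first_bytes):
    """Select a certificate from what the server holds before it must reply."""
    if first_bytes[0] != 0x16 or first_bytes[5] != 0x01:
        raise ValueError("expected a TLS handshake record carrying a ClientHello")
    if b"Host:" in first_bytes:
        raise ValueError("unexpected HTTP header before the handshake")
    return CERTS_BY_LISTENER[(local_ip, local_port)]


if __name__ == "__main__":
    hello, sent = client_opening_flight()
    print("first bytes:", hello[:6].hex(), "| request sent:", sent)
    print("certificate:", pick_certificate("192.0.2.11", 443, hello))
```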


