multiple SSL key's on one IP several Vhosts...

Dave [Hawk-Systems] dave at
Wed Apr 16 07:34:33 PDT 2003

>Just to be clear on what I'm reading...
>Apache is listening on a single IP, ports 443 and 80.
>Apache hosts multiple http sites with name based virtual hosts
>Apache also hosts multiple https sites with their own certificates
>( and as name based virtual hosts.
>I understood this to be an impossible task with https servers, based on the
>key exchange process.
>Am I reading that apache does this just fine?  If so I know some developers
>who will be thrilled.

The title doesn't exactly match the description of the problem/situation.

>> > It's from May 1999, but looks possible since different
>> certs are bing
>> > used for different IP/domains; however I have the feeling
>> apache will
>> > choke on the second ssl IP. Has anyone used a similar setup or have
>> > comments?
>> works fine. I was using apache-modssl in my case.

You can only resolve on SSL certificate to any given IP/port configuration.

Your apache conf file can be listening to 30 different IP address/port
configurations, and have 30 seperate SSL certificates for each.
	<VirtualHost 123.456.789.1:443>
	<VirtualHost 123.456.789.1:444>
	<VirtualHost 123.456.789.1:445>
	<VirtualHost 123.456.789.1:446>
	<VirtualHost 123.456.789.1:443>
	<VirtualHost 123.456.789.2:443>
	<VirtualHost 123.456.789.3:443>
	<VirtualHost 123.456.789.4:443>
are all acceptable with the appropriate certificate entries in each container.

You cannot however, have more than 1 SSL certificate for a single IP/Port


More information about the freebsd-isp mailing list