multiple SSL key's on one IP several Vhosts...
Dave [Hawk-Systems]
dave at hawk-systems.com
Wed Apr 16 07:34:33 PDT 2003
>Just to be clear on what I'm reading...
>
>Apache is listening on a single IP, ports 443 and 80.
>Apache hosts multiple http sites with name based virtual hosts
>Apache also hosts multiple https sites with their own certificates
>(www.domain1.com and www.domain2.com) as name based virtual hosts.
>
>(seamlessly)
>
>I understood this to be an impossible task with https servers, based on the
>key exchange process.
>
>Am I reading that apache does this just fine? If so I know some developers
>who will be thrilled.
The title doesn't exactly match the description of the problem/situation.
>> > It's from May 1999, but looks possible since different
>> certs are bing
>> > used for different IP/domains; however I have the feeling
>> apache will
>> > choke on the second ssl IP. Has anyone used a similar setup or have
>> > comments?
>>
>> works fine. I was using apache-modssl in my case.
You can only resolve on SSL certificate to any given IP/port configuration.
Your apache conf file can be listening to 30 different IP address/port
configurations, and have 30 seperate SSL certificates for each.
<VirtualHost 123.456.789.1:443>
<VirtualHost 123.456.789.1:444>
<VirtualHost 123.456.789.1:445>
<VirtualHost 123.456.789.1:446>
or
<VirtualHost 123.456.789.1:443>
<VirtualHost 123.456.789.2:443>
<VirtualHost 123.456.789.3:443>
<VirtualHost 123.456.789.4:443>
are all acceptable with the appropriate certificate entries in each container.
You cannot however, have more than 1 SSL certificate for a single IP/Port
configuration.
Dave
More information about the freebsd-isp
mailing list