multiple SSL key's on one IP several Vhosts...
dave at hawk-systems.com
Thu Apr 17 14:57:15 PDT 2003
>> Googling for a result of an issue where I've got more then one SSL key I
>> want to enable on a site (one that is certified and one that is self
>> signed) I ran across and issue where Multiple key's appear to not work on
>> the same IP, is this still the case? even after two years? Who's bright
>> Idea was it to tie the SSL key to the IP address and domain, and not just
>> the domain?
>> If anyone has a work around for the this, it would be very useful to know
>> (other then more then one IP assigned to the VH, not an option as a
>> limitation of jails...)
>> thanks in advance..
>I work at a company where we have many different hosts/domain and
>everything has to be SSL, although the actual application behind it
>is the same. The application does present different layout logo per
>virtual site, but otherwise internal and database wise its the same.
>Managing multiple hosts behind the load balancer with SSL was a pain.
>We ended up getting us an Alteon (Nortel) iSD100 setup, which is a
>SSL offloader. For the frontend we already had an Alteon AD3. The
>frontside still has all the different IPs per virtual host, but the
>actual servers only have now 1 IP, one config file with namedbased
>virtualhosts. You can use two AD3 for failover, as well as up to
>32 of the iSD100 in a cluster (there are different models I just
>know the iSD100). Each iSD100 is capable of 7,000 sessions supposely,
>it has two hardware SSL cards in a 1U case.
from what you describe, you avoid the problem on the web server by moving it to
another physical server/device... but the problem itself (requires 1 unique
IP/port conbination per SSL host) still exists.
Bottom line, if you only have 1 IP address you can only use 1 SSL cert UNLESS
you start assigning other port combinations per SSL cert... messy at best.
More information about the freebsd-isp