two domain names - one IP - both SSL

Chad Leigh -- Shire.Net LLC chad at
Fri Apr 30 13:30:39 PDT 2004

On Apr 30, 2004, at 2:09 PM, Remko Lodder wrote:

> Heya,
>> Your HTTP client is broken and isn't checking SSL certificates
>> correctly? Or you didn't meet the "one IP" requirement of the original
>> poster. Or you served up the same SSL certificate for every vhost.
> Well it's not a real cert. indeed, i cannot afford that, and true, 
> it's the same certificate for every vhost i used.
>> HTTPS establishes an SSL connection with the server prior to _any_ 
>> conversation. Since SSL requires a certificate which is linked to the
>> server host name, and the virtual host name hasn't been transmitted by
>> the client yet, there's no way short of ESP for the server to tell 
>> which
>> SSL certificate to use. There's a detailed explanation on the apache
>> website; but this isn't an apache failing so much as a general issue
>> with HTTP/SSL.
> Well, i keep wondering then how i got my secure webmail online, secure 
> ids viewing etc. (different hostnames on the same ip adres, (i only 
> have one ip addr)).

Your client is not checking or is set to ignore certificate problems, 
or you could have a wildcard certificate that will match any hosts in 
the domain name... (But wildcard certs are generally expensive so I 
doubt that).  A wildcard cert for * would match and equally...


More information about the freebsd-questions mailing list