Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Apr 2003 10:34:30 -0400
From:      "Dave [Hawk-Systems]" <dave@hawk-systems.com>
To:        "Andrew Lewis" <andrew@coastal.com>, <freebsd-isp@FreeBSD.ORG>
Subject:   RE: multiple SSL key's on one IP several Vhosts...
Message-ID:  <DBEIKNMKGOBGNDHAAKGNEELCMFAB.dave@hawk-systems.com>
In-Reply-To: <D971A89773AFD311B9880008C786C87D0A3FCE65@exchange-1.coastal.internal>
next in thread | previous in thread | raw e-mail | index | archive | help 
>Just to be clear on what I'm reading...
>
>Apache is listening on a single IP, ports 443 and 80.
>Apache hosts multiple http sites with name based virtual hosts
>Apache also hosts multiple https sites with their own certificates
>(www.domain1.com and www.domain2.com) as name based virtual hosts.
>
>(seamlessly)
>
>I understood this to be an impossible task with https servers, based on the
>key exchange process.
>
>Am I reading that apache does this just fine?  If so I know some developers
>who will be thrilled.

The title doesn't exactly match the description of the problem/situation.

>> > It's from May 1999, but looks possible since different
>> certs are bing
>> > used for different IP/domains; however I have the feeling
>> apache will
>> > choke on the second ssl IP. Has anyone used a similar setup or have
>> > comments?
>>
>> works fine. I was using apache-modssl in my case.

You can only resolve on SSL certificate to any given IP/port configuration.

Your apache conf file can be listening to 30 different IP address/port
configurations, and have 30 seperate SSL certificates for each.
	<VirtualHost 123.456.789.1:443>
	<VirtualHost 123.456.789.1:444>
	<VirtualHost 123.456.789.1:445>
	<VirtualHost 123.456.789.1:446>
or
	<VirtualHost 123.456.789.1:443>
	<VirtualHost 123.456.789.2:443>
	<VirtualHost 123.456.789.3:443>
	<VirtualHost 123.456.789.4:443>
are all acceptable with the appropriate certificate entries in each container.

You cannot however, have more than 1 SSL certificate for a single IP/Port
configuration.

Dave

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBEIKNMKGOBGNDHAAKGNEELCMFAB.dave>