From owner-freebsd-isp@FreeBSD.ORG  Wed Apr 16 07:34:33 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 22ABF37B401
	for <freebsd-isp@FreeBSD.ORG>; Wed, 16 Apr 2003 07:34:33 -0700 (PDT)
Received: from web1.nexusinternetsolutions.net
	(web1.nexusinternetsolutions.net [206.47.131.12])
	by mx1.FreeBSD.org (Postfix) with SMTP id 21CC943F3F
	for <freebsd-isp@FreeBSD.ORG>; Wed, 16 Apr 2003 07:34:32 -0700 (PDT)
	(envelope-from dave@hawk-systems.com)
Received: (qmail 46444 invoked from network); 16 Apr 2003 14:34:30 -0000
Received: from unknown (HELO ws1) (24.157.103.51)
  by web1.nexusinternetsolutions.net with SMTP; 16 Apr 2003 14:34:30 -0000
From: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
To: "Andrew Lewis" <andrew@coastal.com>, <freebsd-isp@FreeBSD.ORG>
Date: Wed, 16 Apr 2003 10:34:30 -0400
Message-ID: <DBEIKNMKGOBGNDHAAKGNEELCMFAB.dave@hawk-systems.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-Reply-To: <D971A89773AFD311B9880008C786C87D0A3FCE65@exchange-1.coastal.internal>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
Subject: RE: multiple SSL key's on one IP several Vhosts...
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2003 14:34:33 -0000

>Just to be clear on what I'm reading...
>
>Apache is listening on a single IP, ports 443 and 80.
>Apache hosts multiple http sites with name based virtual hosts
>Apache also hosts multiple https sites with their own certificates
>(www.domain1.com and www.domain2.com) as name based virtual hosts.
>
>(seamlessly)
>
>I understood this to be an impossible task with https servers, based on the
>key exchange process.
>
>Am I reading that apache does this just fine?  If so I know some developers
>who will be thrilled.

The title doesn't exactly match the description of the problem/situation.

>> > It's from May 1999, but looks possible since different
>> certs are bing
>> > used for different IP/domains; however I have the feeling
>> apache will
>> > choke on the second ssl IP. Has anyone used a similar setup or have
>> > comments?
>>
>> works fine. I was using apache-modssl in my case.

You can only resolve on SSL certificate to any given IP/port configuration.

Your apache conf file can be listening to 30 different IP address/port
configurations, and have 30 seperate SSL certificates for each.
	<VirtualHost 123.456.789.1:443>
	<VirtualHost 123.456.789.1:444>
	<VirtualHost 123.456.789.1:445>
	<VirtualHost 123.456.789.1:446>
or
	<VirtualHost 123.456.789.1:443>
	<VirtualHost 123.456.789.2:443>
	<VirtualHost 123.456.789.3:443>
	<VirtualHost 123.456.789.4:443>
are all acceptable with the appropriate certificate entries in each container.

You cannot however, have more than 1 SSL certificate for a single IP/Port
configuration.

Dave