From owner-freebsd-isp@FreeBSD.ORG Thu Feb 12 09:15:02 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 504B216A4CE for ; Thu, 12 Feb 2004 09:15:02 -0800 (PST) Received: from pegmatite.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 364D143D1F for ; Thu, 12 Feb 2004 09:15:02 -0800 (PST) (envelope-from damian@sentex.net) Received: by pegmatite.sentex.ca (Postfix, from userid 1001) id EA4D5171D5; Thu, 12 Feb 2004 12:14:57 -0500 (EST) Date: Thu, 12 Feb 2004 12:14:57 -0500 From: Damian Gerow To: freebsd-isp@freebsd.org Message-ID: <20040212171457.GF56315@sentex.net> Mail-Followup-To: freebsd-isp@freebsd.org References: <20040212125320.U40659@ganymede.hub.org> <2004212181157.302775@juanjo> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2004212181157.302775@juanjo> X-GPG-Key-Id: 0xB841F142 X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C 57E6 173D 9CF6 B841 F142 X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . User-Agent: Mutt/1.5.4i Subject: Re: Multiple SSL Domains on one IP ... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2004 17:15:02 -0000 Thus spake Juan Jose Sanchez Mesa (juanjo.listas@dobleJ.net) [12/02/04 12:12]: > > a) is this possible at all? last I checked, I swear that you couldn't > > have multi-SSL certs loaded up per IP, but not sure if that is a limit in > > the certs themselves, or Apache? > > Is not possible, because the SSL negotiation is done before any header is > sent from browser to Apache. Apache can't know what virtual server is the > browser accesing to use the correct cert. Then, the selection is done using > the IP in which the browser is connecting. IIRC, someone pointed out a working group that was establishing a standard to allow for multiple SSL sites on one IP address. However, I cannot find the link or any reference to the post, nor remember where I saw it.