Re: SSL certificates and virtual hosts


 



On October 18, 2011 12:27, James Moe <jimoe@xxxxxxxxxxxxxx> wrote:
> Our website account with our ISP has one fixed IP address and allows
> a number of virtual hosts. The main site has an SSL certificate for
> secure access. I wish to add another certificate for one of the named
> virtual hosts. According to Tech Support the account only allows one
> SSL certificate per IP address.
> [...]
> Is the claim of only one cert per IP address correct? Or have I made
> an error in the configuration?

Until relatively recently, this was a limitation of the SSL/TLS protocol: the SSL handshake was completed before the client sent the HTTP request indicating which virtual host it was connecting to; thus, there was no way to know in advance which certificate should be used when creating the secure connection.

This problem was solved with Server Name Indication (see https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI ). In order to use Server Name Indication (SNI), you need to be running Apache HTTP Server 2.2.12 or later with OpenSSL 0.9.8f or later, and your users also need to use web browsers that support SNI. Microsoft Internet Explorer only supports SNI for version 7 and later under Windows Vista and later (no version of IE under Windows XP supports SNI).

If you have the ability to do SNI in both your web server and web browsers, instructions and examples on how to configure Apache HTTP Server to use multiple virtual hosts, each with their own SSL certificate but all sharing a single IP address, are on the page I link to above.

--
  Mark Montague
  mark@xxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


