Dan Schaefer wrote:
So are you suggesting that I need multiple public IPs to implement this, or just multiple private IPs? Private IPs is not a problem, however, due to the fact that we have limited public IPS in our range, it could be a problem when if and when we add new SSL certs. We would need to re-evaluate our ISP contract before it expires.
You will need a unique public IP address for each SSL site (e.g. FQDN) you are planning on running, unless you have a wildcard cert for multiple subdomains that should all pull the same VirtualHost content. Since SSL encrypts all of the data sent between the server, including the Host: header, there's no way for Apache to know which VirtualHost should handle the request unless it is IP based. SNI[1] is a new extension that allows the Host header to be sent separately, thus eliminating the need for dedicated IP addresses, but it does not have universal browser support (most notably for IE 7.0 only on Vista or higher).
Now, if these sites are being used by the general public, then you don't have to assign unique public IP addresses, assuming the sites are only being accessed through the private IP address on the local network.
[1] http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI -- Justin Pasher --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx