Justin Pasher wrote:
> Dan Schaefer wrote:
>> So are you suggesting that I need multiple
>> public IPs to implement this, or just multiple private IPs? Private IPs
>> is not a problem, however, due to the fact that we have limited public
>> IPs in our range, it could be a problem if and when we add new SSL
>> certs. We would need to re-evaluate our ISP contract before it expires.
>
> You will need a unique public IP address for each SSL site (e.g. FQDN)
> you are planning on running, unless you have a wildcard cert for
> multiple subdomains that should all pull the same VirtualHost content.
> Since SSL encrypts all of the data sent between the server, including
> the Host: header, there's no way for Apache to know which VirtualHost
> should handle the request unless it is IP based. SNI[1] is a new
> extension that allows the Host header to be sent separately, thus
> eliminating the need for dedicated IP addresses, but it does not have
> universal browser support (most notably for IE 7.0 only on Vista or
> higher).
>
> Now, if these sites are being used by the general public, then you
> don't have to assign unique public IP addresses, assuming the sites are
> only being accessed through the private IP address on the local
> network.
>
> [1] http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

Does it help to mention that my example.com and www.example.com
certificates are the exact same cert? My apologies for not mentioning
this in the beginning. If and when we do add SSL to other subdomains,
they will be different certs. I don't see that happening in the
near future, however. Will I be able to use the same public IP for both
example.com and www.example.com?
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
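
The two layouts discussed in this thread, as an added configuration example that is not from either poster: one virtual host answering for both example.com and www.example.com on a single IP, and a separately certified site on its own IP. The addresses (documentation range), shop.example.com and all file paths are assumptions, and the first block assumes the shared certificate lists both hostnames.

```apache
# Constructed example. Addresses are from the 203.0.113.0/24 documentation
# range; shop.example.com and all file paths are placeholders.

Listen 443

# One certificate shared by example.com and www.example.com:
# a single VirtualHost on a single IP serves both names. The certificate
# has to list both names (subjectAltName), otherwise browsers warn on
# whichever name is missing from it.
<VirtualHost 203.0.113.10:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
</VirtualHost>

# A site with a different certificate, without relying on SNI:
# it gets its own IP, because Apache has to pick the certificate from the
# address the connection arrived on, before it can read the Host: header.
<VirtualHost 203.0.113.11:443>
    ServerName shop.example.com
    DocumentRoot /var/www/shop

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.com.key
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload; requesting each hostname over HTTPS afterwards confirms which certificate is actually served.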