Difference between revisions of "Apache2 mod vhost alias ssl"

From Noah.org
Jump to navigationJump to search
m
m
Line 1: Line 1:
 +
[[Category:Engineering]]
 
Technically an SSL certificate is not tied to an IP address  
 
Technically an SSL certificate is not tied to an IP address  
 
(it is tied to a Fully Qualified Domain Name), but a design limitation makes it effectively impossible to do Name Based Virtual Hosting with SSL. In other words an SSL cert may not be tied to a single IP address, but a server on a single IP address cannot support more than one SLL Cert.
 
(it is tied to a Fully Qualified Domain Name), but a design limitation makes it effectively impossible to do Name Based Virtual Hosting with SSL. In other words an SSL cert may not be tied to a single IP address, but a server on a single IP address cannot support more than one SLL Cert.

Revision as of 17:09, 19 October 2006

Technically an SSL certificate is not tied to an IP address (it is tied to a Fully Qualified Domain Name), but a design limitation makes it effectively impossible to do Name Based Virtual Hosting with SSL. In other words an SSL cert may not be tied to a single IP address, but a server on a single IP address cannot support more than one SLL Cert.

When a browser connects it negotiates the SSL before it makes an HTTP request. Apache can't know which virtual domain to serve until it gets the HTTP request, but it needs to know which virtual domain in order to select the correct SSL certificate to negotiate the SSL.

The solution is to use IP based virtual hosting. Sorry.