Difference between revisions of "Apache2 mod vhost alias ssl"

From Noah.org
Jump to: navigation, search
m
Line 1: Line 1:
 
[[Category:Engineering]]
 
[[Category:Engineering]]
Technically an SSL certificate is not tied to an IP address  
+
[[Category:SSL]]
(it is tied to a Fully Qualified Domain Name), but a design limitation makes it effectively impossible to do Name Based Virtual Hosting with SSL. In other words an SSL cert may not be tied to a single IP address, but a server on a single IP address cannot support more than one SLL Cert.
+
 
 +
Technically an SSL certificate is <em>not</em> tied to an IP address (it is tied to a Fully Qualified Domain Name), but a design limitation makes it effectively impossible to do Name Based Virtual Hosting with SSL. In other words, an SSL cert may not be tied to a single IP address, but a server on a single IP address cannot support more than one SLL Cert.
  
 
When a browser connects it negotiates the SSL before it makes an HTTP request. Apache can't know which virtual domain to serve until it gets the HTTP request, but it needs to know which virtual domain in order to select the correct SSL certificate to negotiate the SSL.
 
When a browser connects it negotiates the SSL before it makes an HTTP request. Apache can't know which virtual domain to serve until it gets the HTTP request, but it needs to know which virtual domain in order to select the correct SSL certificate to negotiate the SSL.
  
The solution is to use IP based virtual hosting. Sorry.
+
The solution is to use IP based virtual hosting. Sorry. So your single server will have to be configured with an additional IP address for each virtual host that needs SSL.

Revision as of 17:29, 7 August 2008


Technically an SSL certificate is not tied to an IP address (it is tied to a Fully Qualified Domain Name), but a design limitation makes it effectively impossible to do Name Based Virtual Hosting with SSL. In other words, an SSL cert may not be tied to a single IP address, but a server on a single IP address cannot support more than one SLL Cert.

When a browser connects it negotiates the SSL before it makes an HTTP request. Apache can't know which virtual domain to serve until it gets the HTTP request, but it needs to know which virtual domain in order to select the correct SSL certificate to negotiate the SSL.

The solution is to use IP based virtual hosting. Sorry. So your single server will have to be configured with an additional IP address for each virtual host that needs SSL.