Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
Re: [suse-security] 2 virtual hosts, 2 certs
  • From: Laurie Brown <laurie@xxxxxxxxxxxx>
  • Date: Tue, 08 Jul 2003 09:55:35 +0100
  • Message-id: <3F0A8707.3090807@xxxxxxxxxxxx>
Peter van den Heuvel wrote:
AFAIK virtual hosting isnt possible with SSL.

Is correct. Think about it:
1) Open a socket.
2) Negotiate SSL over the socket.
3) Send first HTTP GET/POST over SSL.

During step two the server simply does not know what virtual domain might later be requested in step 3. So you must tie certificates to sockets; either IP's or ports.

Sorry, it is possible.

Tying a cert to an IP doesn't make it impossible. Apache can handle IP-based virtual domains, and can listen on different ports for multiple IP addresses. Linux can easily handle multiple IP addresses on the same NIC. QED, it's possible to host mutliple SSL virtual domains on a single apache daemon, as long as each host has its own unique IP address.

I'm doing it!

Cheers, Laurie.
Laurie Brown

< Previous Next >