After some research on this, I found that it isn't
possible.

Because SSL wraps the entire HTTP request (including the
host headers) you currently need to have one IP for each
SSL site you are running.  If it's behind a firewall, that
means one external, and one internal per SSL site that is
using a separate certificate.

Even a firewall that can route by host name won't work with
2 domains using different certs.  Subdomain sites and the
use of a wildcard certificate shouldn't be an issue.  But
that isn't the case for my query.

Because SSL wraps the HTTP request, the web server must
decrypt the request before applying any host matching, such
as with Virtual Hosts.  So, as Apache puts it, it's a
"chicken and egg" problem.  Which comes first.  So, Apache
always will use the first certificate specified in the
config to do any decrypting.

There is an RFC in the works to solve this issue, but I
wouldn't expect it to be implemented anytime soon judging
from the talk about it.

Anyhow, it does make sense.  I wasn't completely aware that
SSL wrapped everything... I assumed the headers were
available... guess not.  :)  

Hope this helps for anyone else that ever ventures down
this road.
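
The one-IP-per-certificate layout described in the message above, as an added Apache configuration sketch that is not part of the original post. The addresses, host names and file paths are constructed placeholders.

```apache
# Constructed example: addresses, host names and paths are placeholders.
# Each SSL site gets its own listening address, so the virtual host
# (and with it the certificate) is selected by the destination IP of
# the connection, before anything has to be decrypted.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

# Site 1: its own address and its own certificate.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>

# Site 2: a second address for the second certificate.
# Per the post, putting both sites on one address would leave the
# server matching on a Host header it cannot read yet, and the first
# certificate in the config would be used for both.
<VirtualHost 192.0.2.11:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>
```

Behind a firewall, each external address would be forwarded to its own internal address, matching the "one external, and one internal per SSL site" arrangement in the message.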


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
