[thelist] Apache/SSL Question

Anthony Baratta Anthony at Baratta.com
Thu Oct 31 12:08:01 CST 2002

At 09:54 AM 10/31/2002, rabbit at poorrabbit.com wrote:

>By using the ServerName (or ServerAlias) directive, combined with
>NameVirtualHost/VirtualHost directives, you can have multiple sites,
>with different names and different doc roots that all have the same IP
>address. If I'm not mistaken you can do this to have multiple SSL sites on
>the same IP as well. SSL certs are tied to domain names, NOT IP addresses.

Just a bit of clarification here.

Currently you need to have a unique IP for each SSL domain. While the SSL
Cert is tied to a specific domain name, the domain name is encrypted
_prior_ to transmission by the web browser so when the web server receives
the communication it only knows the IP address of the domain. In order to
get the virtual domain name for proper routing, it needs to decode the
packet first. If there are multiple certs on the same IP, it will only grab
the first (or maybe the last) cert attached to the IP address in the packet
- thereby ignoring any other certs attached to that IP.

Once decoded then the web server knows which domain to talk to and you are
routed to the proper virtual domain, but then the SSL cert used to decode the
packet may or may not match the domain you end up at, causing an error.

Clear as mud?? ;-)
Anthony Baratta
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."
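
The setup described in this message, as an added example that is not part of the original post: name-based virtual hosts share one address for plain HTTP, while each SSL site gets its own IP so the server can pick the certificate from the destination address alone. The addresses (192.0.2.x), host names and file paths are constructed placeholders.

```apache
# Constructed example: addresses, host names and paths are placeholders.

Listen 80
Listen 443

# Plain HTTP: both sites share 192.0.2.10. The request is readable on
# arrival, so the Host header selects the matching ServerName.
NameVirtualHost 192.0.2.10:80

<VirtualHost 192.0.2.10:80>
    ServerName www.site-a.example
    DocumentRoot /var/www/site-a
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName www.site-b.example
    DocumentRoot /var/www/site-b
</VirtualHost>

# HTTPS: one IP address per certificate. The certificate is chosen from
# the address the connection arrived on, before the request (and its
# Host header) has been decrypted.
<VirtualHost 192.0.2.10:443>
    ServerName www.site-a.example
    DocumentRoot /var/www/site-a
    SSLEngine on
    SSLCertificateFile    /etc/apache/ssl/site-a.crt
    SSLCertificateKeyFile /etc/apache/ssl/site-a.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName www.site-b.example
    DocumentRoot /var/www/site-b
    SSLEngine on
    SSLCertificateFile    /etc/apache/ssl/site-b.crt
    SSLCertificateKeyFile /etc/apache/ssl/site-b.key
</VirtualHost>
```

The name in each certificate has to match the ServerName of the virtual host bound to that address; if the two SSL blocks shared one IP, every visitor would be handed the same certificate and one of the sites would show a name-mismatch warning.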
