[TAG] HTTPS question
mso@oz.net
mso
Thu Sep 1 01:44:03 MSD 2005
Is there any way to have multiple HTTPS domains on the same IP/port? The
mod_ssl FAQ says name-based virtual hosts are impossible with HTTPS [1].
I've got two sites currently on different servers. Each is distinguished
by a path prefix ("/a" and "/b"), so they aren't dependent on the domain
name and can be installed in the same virtual host. The boss wants them
consolidated on one server, and to plan for additional sites in the
future. The problem is the certificates. A certificate is
domain-specific, and it looks like you can have only one per virtual host.
So person A types https://a.example.com/a/ and it authenticates fine, but
person B types https://b.example.com/b/ and gets a "domain does not match
certificate" dialog. (I have seen this in some cases, but haven't gotten
it in my tests. But it may be because we're still using unofficial
certificates and getting the "unknown certificate authority" dialog
instead.) The only solutions seem to be using a general domain for all
the sites, getting a separate IP for each one, or running them on
nonstandard ports.
[1] http://www.modssl.org/docs/2.8/ssl_faq.html ("Why can't I use SSL
with name-based/non-IP-based virtual hosts?")
--
-- Mike Orr <mso at oz.net>
More information about the TAG
mailing list