httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] multiple SSL VirtualHosts
Date Fri, 30 Aug 2002 07:26:59 GMT
You can have multiple SSL VHs but only if they use different IP addresses and/or port numbers.
So for instance: and (port-based)
or and (IP-based)
or and (IP and port-based)

PS the last one is silly :-)

Assuming you choose the IP-based solution, then you just separate the VHs by IP address and
put the appropriate certificate in each one. E.g. (assuming mydomain1 = and mydomain2

  ServerName mydomain1
  SSLCertificateFile /path/to/mydomain1.crt

  ServerName mydomain2
  SSLCertificateFile /path/to/mydomain2.crt

I assume you have two certificates... If you use just one certificate in two VHs, you will
get a warning on one of the sites.


Owen Boyle

>-----Original Message-----
>From: Karoly VEGH []
>Sent: Donnerstag, 29. August 2002 20:27
>Subject: RE: [users@httpd] multiple SSL VirtualHosts
>On Thu, 29 Aug 2002, Boyle Owen wrote:
>> The mistake is in trying to make name-based SSL virtual 
>hosts. You can't.
>> The problem comes up frequently on the mod_ssl mailing list (e.g.
>> Basically, the trouble is that the SSL session has to be established
>> before there is any HTTP traffic. This means the server needs the
>> certificate before it gets to see the "Host" header. 
>However, since it
>> doesn't know the Host, how is supposed to know what VH to use for the
>> cert?
>thanks for the info, *sigh*
>> To put it another way, SSL packets are routed using only TCP/IP
>> attributes (IP and port number) and do not have any HTTP attributes
>> available to them at the session set-up.   >
>OK, i tried it both ways, with another port and with another IP...
>but i have  aweird problem.
>Though I have the
>directive in the VIrtualHosts section,
>when i call comes the message from the browser
>that this server uses the certificate from ...
> comes the first in httpd.conf, but i dont know 
>where to search
>for the mistake.
>any ideas?
>Yetsten poss omm-moy owf, vonn da yayzooss show English graydit hot,
>don is diss show long goo-add gnu-og fee-a ike, es tsneeacktal.
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message