httpd-users mailing list archives

From Dan Schaefer <...@performanceadmin.com>
Subject Re: [users@httpd] Questions about implementing SSL/VirtualHosts
Date Mon, 14 Dec 2009 16:11:31 GMT
Justin Pasher wrote:
> Dan Schaefer wrote:
>> So are you suggesting that I need multiple public IPs to implement 
>> this, or just multiple private IPs? Private IPs are not a problem; 
>> however, due to the fact that we have limited public IPs in our 
>> range, it could be a problem if and when we add new SSL certs. 
>> We would need to re-evaluate our ISP contract before it expires.
>
> You will need a unique public IP address for each SSL site (e.g. FQDN) 
> you are planning on running, unless you have a wildcard cert for 
> multiple subdomains that should all pull the same VirtualHost content. 
> Since SSL encrypts all of the data sent between the server, including 
> the Host: header, there's no way for Apache to know which VirtualHost 
> should handle the request unless it is IP based. SNI[1] is a new 
> extension that allows the Host header to be sent separately, thus 
> eliminating the need for dedicated IP addresses, but it does not have 
> universal browser support (most notably for IE 7.0 only on Vista or 
> higher).
>
> Now, if these sites are being used by the general public, then you 
> don't have to assign unique public IP addresses, assuming the sites 
> are only being accessed through the private IP address on the local 
> network.
>
>
> [1] http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
>
Does it help to mention that my example.com and www.example.com 
certificates are the exact same cert? My apologies for not mentioning 
this in the beginning. If and when we do add SSL to other subdomains, 
they will be different certs. I *don't* see that happening in the near 
future, however. Will I be able to use the same public IP for both 
example.com and www.example.com?

Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
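
The case asked about above, as an added example that is not part of either poster's message and is not configuration taken from the list. It assumes the single certificate is valid for both example.com and www.example.com; the IP addresses, file paths and the shop.example.com site are placeholders.

```apache
# Added example: addresses, paths and the second site are placeholders.
Listen 443

# One IP-based SSL vhost answers for both names. Without SNI, Apache selects
# the vhost from the destination IP:port before it can see the Host: header,
# so the certificate presented here must be valid for every name listed.
<VirtualHost 192.0.2.10:443>
    ServerName  example.com
    ServerAlias www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    DocumentRoot /var/www/example.com
</VirtualHost>

# A hypothetical later site with a *different* certificate. To serve clients
# that lack SNI support it gets its own address, because only one certificate
# can be offered per IP:port in that situation.
<VirtualHost 192.0.2.11:443>
    ServerName shop.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.com.key

    DocumentRoot /var/www/shop.example.com
</VirtualHost>
```

Running `apachectl -S` after a change lists which vhost is bound to each address and port, which makes an accidental overlap between the two blocks easy to spot.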

