There is a web application that hosts multiple websites for clients under different domain names. All of these domain names are served by a single Apache vhost; the logical separation into different sites is performed by the software.

We would like to offer SSL support for a few of these virtual websites. In principle that should not be a problem, since after an SSL connection is made, the program can use the Host: header to route to the right website.

But: how do you tell Apache to use the right certificate for each one, depending on the requested host?

Is there a possibility to map certs to domain names, e.g. with something similar to:

SSLCertificateFile file

All assistance is appreciated!

In addition to what @bobince stated, you could have multiple host names within the same certificate (not necessarily with wildcards or sub-domain names) using multiple DNS records within the subject alternative name extension. (CAs will probably charge a significantly higher fee for this kind of certificate.)

You will have to use a separate IP per SSL domain. You can set SSLCertificateFile on a VirtualHost that has an IP:port combination to itself.

It's a limitation of HTTPS that selecting the certificate to secure the connection happens before the client sends a Host: request header (it has to, since the headers are also encrypted). This means you can't have more than one hostname per IP (aside from wildcard certs, which only give you subdomains).

An extension to SSL called SNI addresses this problem, but browser support isn't currently good enough to consider for public deployment.

No chance. Because the Host header is only sent after the SSL connection is established, the server can't serve an SSL certificate depending on the host.

Server Name Indication attempts to fix this, but it is not implemented in all browsers.

