I have a web-server, that serves different domain-names, but has only one IP-address assigned. That works fine with virtual hosts in Apache. Now I want SSL-encrypted connections for the websites. How can I set different SSL-certificates for the different vhosts?
Using different IP's for the different hostnames would be an solution - not very elegant but possible. But I want to know, how I can use different SSL-certificates for different vhosts. So I look for a solution with only one IP-address.
UPDATE: 2013
It appears that SNI is finally beginning take hold as older browsers are falling away. Here are the docs for Apache SNI and here is a wikipedia article on SNI that includes a chart on browsers that support it. In short, all the major browsers support it in supported versions; if supporting older browsers is important, you may have to take that into consideration.
------ previous answer ------------
SSL Hosts must be tied to a unique IP address/port combination, thus you cannot use virtual hosting (Or at least, it can only have one ssl host per IP address). This is due to the fact that https begins encryption before the Host: parameter is sent in http, and thus it cannot determine which cipher to use from the hostname - all it has is the IP address.
This would be silly easy to fix if HTTP had a TLS command so it could start SSL after asking for the hostname, but no one asked me.
For the definitive answer, see http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With