Date: Thu, 17 Apr 2003 12:48:27 -0700
From: Ulf Zimmermann
To: Chris Bowlby
cc: freebsd-isp@freebsd.org
Reply-To: ulf@Alameda.net
Organization: Alameda Networks, Inc.
Message-ID: <20030417124827.N92807@seven.alameda.net>
In-Reply-To: <5.2.0.9.0.20030305230242.00a18200@mail.hub.org>
Subject: Re: multiple SSL key's on one IP several Vhosts...

On Wed, Mar 05, 2003 at 11:05:12PM -0400, Chris Bowlby wrote:
> Hi All,
>
> Googling for a result of an issue where I've got more than one SSL key I
> want to enable on a site (one that is certified and one that is self
> signed) I ran across an issue where multiple keys appear to not work on
> the same IP, is this still the case? Even after two years? Whose bright
> idea was it to tie the SSL key to the IP address and domain, and not just
> the domain?
>
> If anyone has a workaround for this, it would be very useful to know
> (other than more than one IP assigned to the VH, not an option as a
> limitation of jails...)
>
> thanks in advance..

I work at a company where we have many different hosts/domains and
everything has to be SSL, although the actual application behind it is
the same. The application does present a different layout logo per
virtual site, but otherwise internal and database-wise it's the same.

Managing multiple hosts behind the load balancer with SSL was a pain.
We ended up getting us an Alteon (Nortel) iSD100 setup, which is an SSL
offloader. For the frontend we already had an Alteon AD3. The frontside
still has all the different IPs per virtual host, but the actual servers
now only have 1 IP, one config file with name-based virtual hosts.

You can use two AD3 for failover, as well as up to 32 of the iSD100 in a
cluster (there are different models; I just know the iSD100). Each iSD100
is capable of 7,000 sessions supposedly; it has two hardware SSL cards in
a 1U case.

--
Regards, Ulf.

---------------------------------------------------------------------
Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
You can find my resume at: http://seven.Alameda.net/~ulf/resume.html