From owner-freebsd-isp@FreeBSD.ORG Thu Feb 12 09:19:38 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F57516A4CE for ; Thu, 12 Feb 2004 09:19:38 -0800 (PST) Received: from kukulcan.presidencia.gob.mx (unknown [200.57.40.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id D8C6843D2F for ; Thu, 12 Feb 2004 09:19:37 -0800 (PST) (envelope-from nbari@unixmexico.com) Received: (qmail 99815 invoked by uid 85); 12 Feb 2004 17:17:29 -0000 Received: from nbari@unixmexico.com by kukulcan.presidencia.gob.mx by uid 82 with qmail-scanner-1.16 (hbedv: 6.23.0.3/6.23.0.62. Clear:. Processed in 0.571338 secs); 12 Feb 2004 17:17:29 -0000 Received: from localhost.presidencia.gob.mx (HELO [200.23.123.104]) (nbari@sip.gob.mx@[127.0.0.1]) (envelope-sender ) by kukulcan.presidencia.gob.mx (qmail-ldap-1.03) with SMTP for ; 12 Feb 2004 17:17:28 -0000 From: "Nicolas de Bari Embriz G. R." To: Juan Jose Sanchez Mesa In-Reply-To: <2004212181157.302775@juanjo> References: <2004212181157.302775@juanjo> Content-Type: text/plain Organization: UNIXMEXICO Message-Id: <1076606373.1625.2.camel@p4.unixmexico.net> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Thu, 12 Feb 2004 11:19:33 -0600 Content-Transfer-Encoding: 7bit cc: freebsd-isp@freebsd.org Subject: Re: Multiple SSL Domains on one IP ... X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2004 17:19:38 -0000 A solution could be to use a different PORT per virtualhost domain1:4430 domaim2:4431 domain3:4432 .... On Thu, 2004-02-12 at 11:11, Juan Jose Sanchez Mesa wrote: > (sorry for my bad english) > > > a) is this possible at all? last I checked, I swear that you couldn't > > have multi-SSL certs loaded up per IP, but not sure if that is a limit in > > the certs themselves, or Apache? > > Is not possible, because the SSL negotiation is done before any header is sent from browser to Apache. Apache can't know what virtual server is the browser accesing to use the correct cert. Then, the selection is done using the IP in which the browser is connecting. > > You must have one SSL cert per IP. > > > > > b) does anyone out there offer a wildcard cert that would allow this? > > from what I'm finding, they allow *., but not just * ... or maybe > > some way of sign'ng the cert for the specific IP? > > Wildcard certs are valid to subdomains only, not for domains. > > Best regards. > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >