
SSL certificate for several domains, one IP

Developer https://www.devze.com 2023-04-07 20:17 Source: Internet
AFAIK, SSL is assigned to a single domain name (maybe several subdomains via wildcard).

On the other hand, I heard that the webserver does not see the domain before it serves the SSL?

If I have multiple domains running as vhosts on one IP address:

Q1: Can the webserver serve the appropriate respective SSL to the sites?

Q2: Is there a way to have only one multi-domain SSL serving two domains on one IP?

Illuminate me out of confusion brought upon me by this seemingly self-contradictory quote:

Regular SSL Certificates are issued for a single FQDN (Fully Qualified Domain Name). The domain using the certificate has to have its own unique external IP address from which to be served. In practice, this means that if you have multiple domains on a single IP address/server, then you had to install a separate certificate on each domain you wanted to secure.

The reason for this is the use of 'Host-Headers'. They allow a web server to use a single IP address to serve many separate sites with different FQDNs. They do this by identifying the incoming request for a webpage, and routing it to the correct site accordingly.

When an SSL connection is initiated, the server must send a certificate to the client - before it knows the host-header of the request. The only identifying piece of data it has is the requested IP address. As such, two or more sites on one IP address cannot use different SSL certificates....


Q1> The web server doesn't need to know the domains embedded in an SSL cert. Only the browser does, since it's the one making sure the domain in the certificate matches the domain in the address bar. The web server just serves up the cert bound to the IP address, regardless of what domain is in the certificate.

Q2> What you describe is a SAN or UC certificate. They are designed to do what you stated, namely allow multiple domains to share one cert on one IP address. Check out this link on Subject Alternative Names for more info.
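
Added example, not part of the original answer: a simplified version of the name check a browser performs against a SAN certificate, useful for confirming that every vhost sharing the IP is covered before deploying one multi-domain certificate. The SAN list, the vhost names and the function names are constructed for illustration, and the wildcard rule (whole leftmost label only, at least two fixed labels after it) is a simplification of browser behaviour.

```python
import ipaddress

# Constructed dNSName entries of one hypothetical multi-domain (SAN/UC) certificate.
SAN_DNS_NAMES = ["example.com", "www.example.com", "shop.example.net", "*.example.org"]


def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def san_entry_matches(pattern, hostname):
    """True if a single dNSName entry covers the hostname."""
    if _is_ip(hostname) or "*" in hostname:
        return False  # IP literals are never matched against dNSName entries
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # a wildcard stands for exactly one label, so depth must agree
    if p[0] == "*":
        # Reject over-broad entries such as "*.com" (simplified rule, see lead-in).
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are not honoured here
    return p == h


def cert_covers(hostname, san_names=SAN_DNS_NAMES):
    return any(san_entry_matches(name, hostname) for name in san_names)


def uncovered_vhosts(vhosts, san_names=SAN_DNS_NAMES):
    """Vhosts on the shared IP that would produce a name-mismatch warning."""
    return [v for v in vhosts if not cert_covers(v, san_names)]


if __name__ == "__main__":
    # Constructed vhost list for the shared IP address.
    vhosts = ["example.com", "blog.example.net", "api.example.org", "example.org"]
    print("not covered by the certificate:", uncovered_vhosts(vhosts))
```

Note that the wildcard entry covers `api.example.org` but not the bare `example.org`, so an apex domain needs its own SAN entry.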
