We have a web application that hosts multiple websites for our customers under different domains. All these domains are hosted on a single Apache vhost; the logical separation into different sites is done by the software.
We would like to offer SSL support for some of these virtual websites. Principally that should be no problem, as after an SSL connection is established, the software can use the Host: header to route to the correct website.
But: How do I tell Apache to serve the correct certificate, depending on the requested host?
Is there a possibility to map certs to domains, e.g. with something like:
SSLCertificateFile file
All help is appreciated!
In addition to what @bobince said, you can have multiple host names in the same certificate (not necessarily with wild-cards or sub-domains) using multiple DNS entries in the subject alternative name extension. (CAs are likely to charge a much higher fee for this type of certificate).
This is not possible. Since the host header is only sent after the SSL connection is set up, the server cannot serve an SSL certificate depending on the host.
Server Name Indication tries to fix this, but is not implemented on all browsers.
You will need to use a separate IP address per SSL domain. You can set the SSLCertificateFile okay on a VirtualHost that has an IP:port combination to itself.
It is a limitation of HTTPS that choosing a certificate to secure the connection happens before the client passes a Host: request header (it has to, because the headers are also encrypted). So you can't have more than one hostname per IP address (except for wildcard certs, and that only gives you subdomains).
An extension to SSL known as SNI works around this problem, but browser support is not currently good enough to consider for public deployment.