Good day!

Sun, Apr 08, 2007 at 06:48:41PM +0100, Jay L. T. Cornwall wrote:
> Virtual hosts and SSL don't mix. Or so people say, for the simple reason
> that in order to reach the HTTP negotiation an SSL connection must be
> established first with a certificate/key pair.
>
> If you give it a try, Apache fills its log with the "SSL server IP/port
> conflict" and "You should not use name-based virtual hosts in
> conjunction with SSL" warnings. But since the adoption of wildcard SSL
> certificates virtual hosts over SSL work just fine because the same
> certificate/key pair is used for all of them.

I can add that if you're using the subjectAltName extension and place many
DNS names into it, this will do the trick for the name-based virtual
hosts. In the presence of the subjectAltName with the DNS entries in it,
the DNS name of the server SHOULD (if memory serves me right: I am not
able to find the reference document now) be checked against the
subjectAltName components. At least IE/Mozilla/Firefox/OpenLDAP/curl/elinks
are doing these checks.

It is a bit different from the wildcard certificates, since no wildcards
are here, just a bunch of dNSName objects in the subjectAltName.
-- 
Eygene
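
The check described in the message above, as an added example that is not part of the original post: a client-side match of the requested host name against the dNSName entries of subjectAltName, following RFC 2818 section 3.1, where the subject CN is consulted only if no dNSName is present. The certificates are constructed samples in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are hypothetical.

```python
# Added example; the certificates below are constructed samples, not real ones.

def _name_match(pattern, hostname):
    """Compare one certificate name with a host name, case-insensitively.
    A '*' is honoured only as the complete left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h


def dns_names(cert):
    """dNSName entries of subjectAltName, in certificate order."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def common_names(cert):
    """commonName values from the subject DN."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def host_matches(cert, hostname):
    """If any dNSName is present it alone decides; the subject CN is used
    only when the certificate carries no dNSName at all."""
    names = dns_names(cert) or common_names(cert)
    return any(_name_match(n, hostname) for n in names)


# Constructed: one certificate for three name-based virtual hosts.
MULTI_SAN = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"),
                       ("DNS", "mail.example.org"),
                       ("DNS", "shop.example.net")),
}
# Constructed: the CN is not repeated in subjectAltName, so it is ignored.
CN_NOT_IN_SAN = {
    "subject": ((("commonName", "old.example.org"),),),
    "subjectAltName": (("DNS", "new.example.org"),),
}

if __name__ == "__main__":
    for host in ("mail.example.org", "shop.example.net", "ftp.example.org"):
        print(host, host_matches(MULTI_SAN, host))
    print("old.example.org", host_matches(CN_NOT_IN_SAN, "old.example.org"))
```

When issuing such a certificate, every virtual host name, including the one placed in the CN, has to appear as its own dNSName entry, since clients that follow this rule stop looking at the CN once a dNSName is present.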
