Hello Bill,

>> It is a requirement of the SSL protocol that it cannot share the same
>> IP address and port combination.

BG> The cert is tied to the domain name not the IP address.

BG> I'm not sure I understand what you are saying.  The web server can't tell
BG> the difference between a user typing https://somesite into their browser
BG> versus selecting a link to https://somesite from a web page.

From mod_ssl docs:

Why cannot I use SSL with name-based/non-IP-based virtual hosts?

The reason is very technically. Actually it's some sort of a chicken
and egg problem: The SSL protocol layer stays below the HTTP protocol
layer and encapsulates HTTP. When an SSL connection (HTTPS) is established
Apache/mod_ssl has to negotiate the SSL protocol parameters with the client.
For this mod_ssl has to consult the configuration of the virtual server
(for instance it has to look for the cipher suite, the server certificate,
etc.). But in order to dispatch to the correct virtual server Apache has to
know the Host HTTP header field. For this the HTTP request header has to be
read. This cannot be done before the SSL handshake is finished. But the
information is already needed at the SSL handshake phase. Bingo! 


BG> Apache has no problem with name-based virtual hosting and SSL.
BG> We do it all the time.

Bill, anyone, please explain how you do that?
Just in a few words, to show the way.


-- 
Best regards,
Sergei Kolodka                            mailto:[EMAIL PROTECTED]
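
The mod_ssl FAQ passage quoted above, as an added configuration sketch that is not part of the original message or of the mod_ssl docs. Hostnames, addresses and file paths are constructed placeholders, and the behaviour noted in the comments assumes the handshake ordering the FAQ describes.

```apache
# --- Name-based layout: two HTTPS hosts share one IP address and port ---
# The SSL handshake finishes before the Host header can be read, so
# mod_ssl has to pick its SSL settings without knowing the requested name.
# It takes them from the first vhost defined for the address/port.
NameVirtualHost 192.0.2.10:443

<VirtualHost 192.0.2.10:443>
    ServerName www.site-a.example
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/site-a.crt
    SSLCertificateKeyFile /etc/ssl/private/site-a.key
</VirtualHost>

<VirtualHost 192.0.2.10:443>
    ServerName www.site-b.example
    SSLEngine on
    # Not used for the handshake: visitors to site-b are shown site-a's
    # certificate and get a name-mismatch warning. The Host header is
    # only consulted afterwards, to choose which content to serve.
    SSLCertificateFile    /etc/ssl/certs/site-b.crt
    SSLCertificateKeyFile /etc/ssl/private/site-b.key
</VirtualHost>

# --- IP-based layout: one address per certificate ---
# Replacing the second block above with this one lets Apache select the
# vhost from the destination address, which is known before any SSL
# traffic, so each site presents its own certificate.
<VirtualHost 192.0.2.11:443>
    ServerName www.site-b.example
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/site-b.crt
    SSLCertificateKeyFile /etc/ssl/private/site-b.key
</VirtualHost>
```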

