On Sat, Jul 15, 2006 at 06:03:08PM +1200, Steve Holdoway wrote:
> I worked out a method whereby you could proxy https to a different port
> depending on virtual host name, which should allow multiple certificates.
> Never tested it, tho'

Test it, please! The basic problem with HTTPS is that the SSL negotiation is carried out before the HTTP 1.1 Host: is read; which means that all your sites would get the same certificate, regardless of name. And most commercial certificates are URL-specific, which therefore generates mismatch errors. However, it's possible that current proxy modules can postpone the encryption negotiation, which would be very good to know about indeed!

-jim
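The ordering described in the message above can be observed offline. The following is an added example, not part of the original thread: it drives a TLS client against in-memory buffers with Python's standard `ssl` module and shows that the first bytes on the wire are a handshake record, and that the HTTP request (with its Host: line) cannot leave the client until the handshake has finished. The request and host name are constructed sample values, and no server name is handed to the TLS layer, matching the situation the message describes.

```python
import ssl

# Constructed sample request; the host name is a placeholder.
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"


def client_first_flight():
    """Return (bytes of the client's first flight, bytes emitted by an early HTTP write)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # no server name is given to the TLS layer
    ctx.verify_mode = ssl.CERT_NONE     # nothing to verify: there is no real peer
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)

    # Start the handshake. With no server reply available it stops after
    # queueing the client's opening message in the outgoing buffer.
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass
    hello = outgoing.read()

    # Try to send the HTTP request now. The TLS layer refuses to emit
    # application data until the server's handshake messages arrive.
    try:
        tls.write(HTTP_REQUEST)
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        pass
    early = outgoing.read()
    return hello, early


def describe_record(data):
    """Decode the 5-byte TLS record header and the handshake message type that follows."""
    return {
        "content_type": data[0],                         # 22 = handshake
        "record_length": int.from_bytes(data[3:5], "big"),
        "handshake_type": data[5],                       # 1 = ClientHello
    }


if __name__ == "__main__":
    hello, early = client_first_flight()
    print(describe_record(hello))
    print("Host: header in first flight:", b"Host:" in hello)
    print("bytes sent by early HTTP write:", len(early))
```

The server has to choose and present its certificate in reply to that first flight, which is why every name-based virtual host behind one address and port ends up with the same certificate.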
