Peter Scott wrote:
>
> I have also had this problem. The only way I could get around the single
> certificate restriction was to install multiple apache servers. Anybody know of a
> better solution?
This is not a "restriction" - it is a fundamental consequence of the way
SSL and HTTP work. SSL negotiation takes place *before* any HTTP
traffic. The server needs a certificate to negotiate SSL. But the
host-name (which comes via HTTP) hasn't arrived yet. How is apache
supposed to choose a certificate from the various virtual-hosts if it
hasn't received the host-name yet?
The only other solutions are:
- Use more than one IP address.
- use distinct port-numbers (good solution for an intranet).
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
