> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Andy Malato
>
> Well people usually assign an IP address to the secure.domain.com
> and one to the regular.domain.com or just run two instances of the
> apache server, one regular and one secure.
>
> You can also maintain a wild card cert from Verisign, this cert will
> enable you to have all your hosts under your domain secured by one
> cert, such that *.yourdomain.com will be vaild for one certificate
> issed from Verisign, I belive that Thawte also offers this option,
> not sure about Equifax though.
>
> All in all that's a general summary of how its done. Hope I explained
> this well.
To clear this up, you need a separate IP or port combination per
certificate. Since most people don't want to see
https://www.yourdomain.com:8443/ or some other port number, this means that
people will have to use separate IP addresses per SSL domain. There is no
way around it.
Of course, for http://www.yourdomain.com/ to work, it has to be the same IP
address as your secure site which means you might as well give everyone who
wants a secure site their own IP address.
The only alternative is to use subdomains or subdirectories of one domain
and have people share certificates using the same certificate. Yahoo does
this, you'll see a lot of stores running sites under
https://stores.yahoo.com/yourstore/.
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
