At 12:11 17.05.00 +0200, you wrote:
>Hello,

Hello,

>We run multiple shops on an HTTP server; running Linux, WN (as the HTTP
>server) and MySQL. They all use the same IP address. The webserver uses a
>virtual host table to translate the actual domain name into the directory
>for that shop.
>So far so good.
>
>To give each shop SSL possibilities, we want to install a certificate
>for each shop on the server, but this doesn't seem to be possible.

It is not possible, because the server gets the information
about the connected host after the initial SSL handshake.
And it needs the information about the domain to send the needed
host certificate (in the SSL handshake).

>Questions:
>- is it possible at all or does every shop need its own IP address
>(because each certificate is related to its "own" IP address?)

You have three solutions for this problem:
* use a separate IP address for every shop
  (in your firewall you could map them to ports on the same server:
  e.g. IP shop1 -> server,port shop1, IP shop2 -> server,port shop2,...)
* use a separate port for every shop
  (e.g. Shop 1 port 1443, Shop2 2443,...)
* use one certificate for all your shops.
  They must be on subdomains of your normal domain:
  shop1.your.domain, shop2.your.domain,...
  And your host certificate has the CN *.your.domain

Bye

Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
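
The third option in the reply above depends on which host names a client will accept for a certificate named `*.your.domain`. The following is an added example, not part of the original message and not OpenSSL code: a simplified sketch of the matching rule TLS clients commonly apply, in which `*` stands for exactly one leftmost label. The function names and all sample host names other than `shop1.your.domain` and `shop2.your.domain` are assumptions made for illustration.

```python
# Added illustration: simplified wildcard host name matching (not OpenSSL code).

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if `hostname` is covered by the certificate name `pattern`.

    Simplified rule set: names compare case-insensitively, and '*' is
    accepted only as the entire leftmost label, standing for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # Same number of labels, and no empty labels in the host name.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False

    if p_labels[0] == "*":
        # Refuse over-broad patterns such as "*.domain" or "*.*.domain".
        if len(p_labels) < 3 or "*" in "".join(p_labels[1:]):
            return False
        return p_labels[1:] == h_labels[1:]

    # Partial ("sh*.x.y") or non-leftmost wildcards are rejected in this sketch.
    if "*" in pattern:
        return False
    return p_labels == h_labels


def coverage(pattern: str, hostnames: list[str]) -> dict[str, bool]:
    """Map each host name to whether one certificate named `pattern` serves it."""
    return {h: wildcard_matches(pattern, h) for h in hostnames}


# Constructed sample names; only the first two appear in the message above.
SAMPLE_HOSTS = [
    "shop1.your.domain",
    "shop2.your.domain",
    "SHOP1.Your.Domain",      # case differences do not matter
    "your.domain",            # the bare domain is not covered by the wildcard
    "www.shop1.your.domain",  # '*' does not span two labels
    "shop1.other.domain",     # a different parent domain
]

if __name__ == "__main__":
    for host, ok in coverage("*.your.domain", SAMPLE_HOSTS).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```

A shop reachable as `your.domain` or as a deeper name such as `www.shop1.your.domain` would need its own name in a certificate, since the wildcard covers neither.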