On 11/27/06, Whil Hentzen (Pro*) <[EMAIL PROTECTED]> wrote:
>
> Cuz... (I think)... you can't do SSL on virtuals.

The simple answer is "Yes, that's correct. Each SSL should have its own IP address."

The complicated answer is that you can do multiple SSLs on different ports (or other hacks), but that can get awkward. https://www.tedroche.com runs on port 443 and https://www.tedroche.com:10000 runs on a different port with a different SSL certificate. But you likely don't want to do that.

Simple and probably slightly-incorrect explanation: SSL is Secure Sockets Layer. When an SSL request comes in, a different executable handles the requests at the socket level, below the application layer where the web server works. That executable handles all the magic of certification validation/verification and establishing the encrypted tunnel. Then it hands the request to the web server for it to do its processing.

So, all port 443 traffic gets handled by the same mechanism and handed to the web server. At that point, it is too late for the web server to ask for the name of the domain that was requested and route the request to a differently-named ("virtual") web server. All 443 requests get handled at one point.

There's some technical reason for this, but it's a bit beyond me, too. The two Q&A here:

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

might do a bit better job.

> If I'm hosting
> domainA.com and domainB.com, and I want them both to be SSL, I can't use
> virtual domains. I need them both on their own IPs.

So you assign each domain to its own IP and assign both IPs to the same NIC.

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
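The setup described in this message, sketched as an Apache httpd configuration (an added example, not part of the original post). The 192.0.2.x addresses, document roots and certificate paths are constructed placeholders; the name-based variant the message rules out is shown commented out for comparison.

```apache
# Constructed example: 192.0.2.10 and 192.0.2.11 are documentation-range
# addresses, both assumed to be bound to the same NIC. Paths are placeholders.
Listen 443

# --- Name-based virtual hosts on one IP: what the message rules out ------
# The certificate has to be presented during the SSL handshake, before the
# server can read the Host: header, so it cannot pick between these two
# blocks by name and a visitor to domainB.com gets a certificate mismatch.
#
# NameVirtualHost 192.0.2.10:443
# <VirtualHost 192.0.2.10:443>
#     ServerName domainA.com
#     SSLEngine on
#     SSLCertificateFile    /etc/ssl/example/domainA.crt
#     SSLCertificateKeyFile /etc/ssl/example/domainA.key
# </VirtualHost>
# <VirtualHost 192.0.2.10:443>
#     ServerName domainB.com
#     SSLEngine on
#     SSLCertificateFile    /etc/ssl/example/domainB.crt
#     SSLCertificateKeyFile /etc/ssl/example/domainB.key
# </VirtualHost>

# --- IP-based virtual hosts: one address per certificate -----------------
# The destination IP is known as soon as the TCP connection arrives, so the
# right certificate can be selected before any HTTP data is exchanged.
<VirtualHost 192.0.2.10:443>
    ServerName domainA.com
    DocumentRoot /var/www/domainA
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/domainA.crt
    SSLCertificateKeyFile /etc/ssl/example/domainA.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName domainB.com
    DocumentRoot /var/www/domainB
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/domainB.crt
    SSLCertificateKeyFile /etc/ssl/example/domainB.key
</VirtualHost>
```

`apachectl -S` lists which virtual host answers on each address, and `openssl s_client -connect 192.0.2.11:443` shows the certificate a given address actually serves.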

