On Fri, Aug 21, 2009 at 11:09, Curtis Bruneau<[email protected]> wrote: > Each SSL site pretty much needs to be on it's own IP address, the > reasoning is the cert negotiation isn't name based header as apache > would. The only other way would be to have them on different ports but > then you'd have to specify the port when going to the site.
In practice yes, but technically no. SNI allows https to do name-based virtual hosts, although mod_ssl (and older browsers) do not support it. For this reason we use mod_gnutls. http://www.outoforder.cc/projects/apache/mod_gnutls/sni/ -- Cambridge Energy Alliance: Save money. Save the planet. _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [email protected] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
