[CentOS] do i need a dedicated ip address for https?

Alan Hodgson ahodgson at simkin.ca
Wed Dec 22 16:07:16 UTC 2010


On December 22, 2010 02:05:26 am Tony Mountifield wrote:
> The thing you CAN'T do is to have name-based virtual hosting with multiple
> domains on a single IP address, with more than one of them using SSL.
> Name-based virtual hosting relies on the HTTP Host: header to identify
> which virtual host is being accessed. But under SSL, the headers are
> not sent until the encrypted SSL channel has been set up. So the only
> way the server can know which certificate to use is by the IP address
> on which the request is recieved. So multiple SSL sites on a single
> box MUST each have their own IP address.

Nowadays certificates can contain Subject Alternate Names and work for multiple 
domains. You can also get a wildcard addresses for *.yourdomain.com. Both 
mechanisms work fine for modern web browsers; maybe not so much for other SSL-
oriented tools, though. 



More information about the CentOS mailing list