Ara Avvali wrote: > Good afternoon everyone, > > This is my first post here. I was wondering if someone could clear my > mind about this. > > I have a dedicated server with a single ip address assigned to it. I > want to host couple of site which are hosted somewhere else and they > have signed certificates. Now I want to host them all on this single > server. No, you can't have more than one certificate per IP address (other then using different ports). The SSL handshake takes place before any data is transmitted. Therefore, Apache doesn't know which of the virtual webs the user is attempting to access. However you can use the X509v3 Subject Alternative Name to store multiple host names into it. For example, you could store something like this into it: SubjectAltName: DNS:www.foo.com, DNS:www.bar.com, IP: 1.2.3.4 (or something like that, syntax for IP could be IPAddr, not 100% sure). Such certificate would be valid for all of the following (users are not going to get any warnings or annoying pop-up windows): https://www.foo.com/ https://www.bar.com/ https://1.2.3.4/ However, there's couple of problems with using X509v3 Subject Alternative Name: Not all web browser might support it. Current versions of Internet Explorer, Mozilla, and Firefox work correctly with such certificates, but older versions might not (very old versions would ignore X509v3 extensions). Some obscure web browsers might not support it either. You'll be using single certificate for all virtual hosts. This might be the problem if virtual hosts are owned by different people (if they know anything about security, they'll insist on using their own certificates, and simply reject to use shared certificate). The biggest problem is, if you are buying certificate from well known CA, you might have hard time finding one that will sell you certificate with multiple hosts names in X509v3 Subject Alternative Name. Last time I was checking (some years ago) there was none. Maybe situation changed since then (or maybe some will do it on special request -- and special fee). For an example, check certificate at https://www.milivojevic.org/ (it contains www.milivojevic.org in CN, and there's SubjectAltName in extensions for www.milivojevic.org and localhost).