Hi,

On Mon, Sep 21, 2009 at 10:17, Niki Kovacs <contact at kikinovak.net> wrote:
> Jerry Franz wrote:
>> Tracy Phillips wrote:
>>> Benjamin Franz wrote:
>>>> 1) Use a wildcard cert. You can use *.somedomain certs to serve multiple
>>>> SSL domains on a single IP so long as they fit in the *.somedomain pattern.
>>>
>>> This is incorrect.
>> Yes you can. I have SSL servers configured precisely like that. They
>> work fine.

I also have this configured in a couple of servers. As long as you have a wildcard certificate (*.example.com) and all names are direct subdomains of that domain (www.example.com, secure.example.com, intranet.example.com, wiki.example.com, bugs.example.com, etc.) it works just fine.

There are some warnings in Apache's error_log, like those:

[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
[warn] RSA server certificate CommonName (CN) `*.example.com' does NOT match server name!?

But it works regardless of those.

> Any way you can copy/paste your Apache configuration?

There is nothing to it, you should only make sure that the SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile point to the same files in all your virtual hosts, and that those files are the ones for the wildcard certificate.

If you have to provide SSL for different domains, you can do that using IP-based virtual hosts, there is some documentation on how to do that here:

http://httpd.apache.org/docs/2.2/vhosts/ip-based.html

If you go that route and start having to assign a very large number of IPs to a single machine, you can assign a whole IP range to a machine by creating an interface alias to the loopback interface, that way you can assign 16, 32, 64, 128, 256 or even more IPs to a machine with one configuration only. Let me know if you would like more information on how to do that.

Cheers,
Filipe
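Added example, not part of the original message and not Apache tooling: a Python check over a constructed configuration that verifies the two conditions described above, namely that every SSL virtual host's ServerName is a direct subdomain of the wildcard and that all virtual hosts point at the same certificate files. The host names, file paths and function names are assumptions made for illustration.

```python
import re
# Constructed sample; host names and file paths are illustrative only.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName www.example.com
    SSLCertificateFile /etc/pki/tls/certs/wildcard.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.key
</VirtualHost>
<VirtualHost *:443>
    ServerName a.b.example.com
    SSLCertificateFile /etc/pki/tls/certs/other.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.key
</VirtualHost>
"""
CERT_DIRECTIVES = ("sslcertificatefile", "sslcertificatekeyfile", "sslcertificatechainfile")

def covered_by_wildcard(name, pattern):
    """True if name is a direct subdomain of a '*.domain' pattern's base domain."""
    base = pattern.lower().split(".")[1:]          # labels after the '*'
    labels = name.lower().rstrip(".").split(".")
    # '*' stands for exactly one non-empty label, never several or none.
    return len(labels) == len(base) + 1 and labels[1:] == base and labels[0] != ""

def parse_vhosts(conf):
    """Return one {directive: value} dict per <VirtualHost> block."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip()
        vhosts.append(directives)
    return vhosts

def audit(conf, pattern):
    """List (server_name, issue) pairs for names or cert paths that do not fit."""
    vhosts, problems = parse_vhosts(conf), []
    for vh in vhosts:
        name = vh.get("servername", "")
        if not covered_by_wildcard(name, pattern):
            problems.append((name, "not covered by " + pattern))
        for d in CERT_DIRECTIVES:
            if vh.get(d) != vhosts[0].get(d):
                problems.append((name, d + " differs from first vhost"))
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "*.example.com"))
```

In the sample, a.b.example.com is flagged twice: it sits two labels below example.com, so the wildcard does not cover it, and its SSLCertificateFile differs from the first virtual host's.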