On Dec 23, 2010, at 3:03 AM, David Hrbáč <hrbac.conf at seznam.cz> wrote:

> On 23.12.2010 1:08, Les Mikesell wrote:
>> The issue is that the server needs to know the hostname given to the
>> browser to find the matching certificate, and the only way to do that
>> and stay on the standard port 443 with the apache version on centos is
>> to bind each virtual host to a different IP address. Per the apache ssl
>> faq at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2, 2.2.12
>> or later supports SNI where the browser passes the hostname before the
>> ssl session starts.
>>
>
> Guys,
> Of course it's possible to host multi-site on ONE ip. As Les has
> said, it's about SNI enabled web clients and servers. Not all clients
> support SNI. As to Apache, there's no need to go with 2.2.12. SNI is
> very easy to support with both Centos 4 and Centos 5. There's a module
> mod_gnutls packed for Centos in one of my repos. Used in production for a
> few years now.
>
> http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/i386/repoview/
> http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/x86_64/repoview/
> http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/i386/repoview/
> http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/x86_64/repoview/

As long as the forward DNS resolves to the common name, the cert will be
accepted and you can have multiple host names resolve to the same IP.

-Ross