On Fri, 12 Jul 2002 07:17:35 -0700 Scott Francis <darkuncle@darkuncle.net> wrote:
a different certificate for each site while using one IP address. (Correct me if I'm wrong!)
According to http://httpd.apache.org/docs/vhosts/name-based.html (thanks Gerald), name-based hosting cannot be used with SSL due to the nature of the SSL protocol.
correct. there's a specific technical problem due to the way that the https protocol is designed; it's a chicken-and-egg problem. specifically, name based identification of sites is based on the HTTP host request-header field. in https, the certificates are processed before the Host request-header is transmitted; Host is supposed to be inside the encrypted tunnel. a different design might have permitted named based https identification of virtual web site, but they did what they did. richard -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security