From S23Wiki
Jump to: navigation, search

Extra footnote

From http://www.nurdletech.com/https.html

Apache allows one server to service several websites through its Virtual Hosts feature. When multiple virtual hosts exist, Apache must determine which host should serve each request. It does this in one of two ways: based on the host IP address or the host name. When using the host IP address, the server must have multiple IP addresses, one for each virtual host. When using name-based virtual hosts, all sites use the same IP address and the browser sends the name of the site with each request and Apache uses the name to determine which host should serve the request.

With name-based virtual hosts, the host name is contained in the data stream, which is encrypted by SSL. To access the name, Apache must first decrypt the stream, which requires a certificate. Thus, it must choose a certificate before it knows the virtual host. For this reason, when using name-based virtual hosting there can only be one certificate. Apache uses the certificate mentioned first in its configuration file. If you specify multiple certificates, one for each virtual host, Apache will use the one for the first host without generating any errors or warnings.

If instead you use IP address-based virtual hosts, Apache can determine which certificate to use without first decrypting the stream based on the IP address used by the address. In this way, each virtual host can have its own certificate.