[SATLUG] Apache with 1 IP, two SSL sites, different ports
brad at shub-internet.org
Thu May 21 12:45:16 CDT 2009
on 5/21/09 12:27 AM, Bruce Dubbs said:
> I haven't been following this closely, but it makes no sense for a cert
> to be tied to an ip address. It does make sense to be tied to a domain
> name. I know that openssl does not require a domain name when
> generating a cert. If it's a self signed cert (aka a certificate
> authority), it certainly doesn't make sense to tie this to an ip address.
The problem is that the SSL certificate is sent before the client makes
the request, so if you have more than one SSL certificate for a given IP
address, the server won't know which cert to send. Once the client gets
the SSL cert, it can compare the domain in the cert against the domain
claimed by the webserver, and issue a warning or error as appropriate.
Google for "one IP per ssl cert".
> So it's an apache/ssl issue. Some googling gives:
> Which explain the issue more.
Indeed, we are in violent agreement. ;-)
<brad at shub-internet.org> If you like Jazz/R&B guitar, check out
LinkedIn Profile: my friend bigsbytracks on YouTube at
More information about the SATLUG