Sunday, November 5, 2017

ssl - Single certificate for a single domain & multiple domains - Apache

I am hosting multiple websites on a server with a single IP address. I have a single certificate for one of the domain names. Is there a way to configure Apache so that the certificate applies only to that single domain and not others on a single IP address? Right now the setup works, but that same certificate is used for all, which is obviously not what I want. I don't want to set up SSL for these other domains; rather, I just want to disable SSL functionality for all except that one domain.



An example would be really helpful!



Thanks!


Answer




Because of the way SSL typically works, what you want is not feasible. When you understand how HTTPS works, it's easy to understand why. When a browser makes an HTTP connection, what happens is that it first creates a TCP connection, then starts talking the HTTP protocol over that TCP connection. The HTTP protocol provides a way for the client to say "I'm intending to fetch pages from the server named 'www.example.com'". This server name is what is used by Apache to decide which VirtualHost to use.



With HTTPS, what happens is: a TCP connection is made, then SSL is negotiated (the server sends the certificate to the client, the client verifies that the certificate is legitimate, they exchange session keys), then they talk HTTP over this SSL-encrypted TCP connection, and only then can the client say which server name it is intending to talk to.



So here the problem is that they have already negotiated the SSL connection before the server knows which server name the client is trying to talk to.



Server Name Identification intends to extend SSL/TLS in order to let the client specify a server name as part of the SSL negotiation, but it is not supported widely enough in browsers to rely upon yet.

