If I have 2 sites and I'd like to get SSL certificated for each of them, is it required that the 2 sites have separate IP addresses?

If you are going to use 1 cert for the two domains.. then you need min 1 IP [dedicated that is] for both of them.

The only trouble is the user's browser may show that
"The certificate does not match the name of the domain " or some thing like that for the second domain.

That's a complex issue. The sites can share an IP address and cert under some circumstances, but most users will probably want a dedicated cert which requires a dedicated IP address.

eg, you could use:

https://www1.hostname.com/site1.com/
https://www1.hostname.com/site2.com/

but for:

https://www.site1.com
https://www.site2.com

each site would need a dedicated IP and cert.

This is because the current SSL plugins for apache do not support name-based virtual hosts.

Originally posted by Skeptical
If I have 2 sites and I'd like to get SSL certificated for each of them, is it required that the 2 sites have separate IP addresses?

If each site has its own domain name, then yes.

The alternative would be that each https could use a port other than the default and share the same IP address.

Great thanks for the info guys. :)

Originally posted by fr0zenWHS
This is because the current SSL plugins for apache do not support name-based virtual hosts. [/B]

I was looking on http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts
Which explains why it's not possible for named based virtual hosts.

I'm curious at your wording tho., the current SSL plugins don't support it. Does this mean that something is under developement that will? Just wondered if you knew.

Originally posted by ThomasB


I was looking on http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts
Which explains why it's not possible for named based virtual hosts.

I'm curious at your wording tho., the current SSL plugins don't support it. Does this mean that something is under developement that will? Just wondered if you knew.

With some creative hacking, it's possible to implement name-based SSL, but it would most likely require some modification to the browser as well. Probably shouldn't hold your breath.