Name based virtual hosting and SSL-What are my options?
Ok, so I know name based virtual hosting and ssl work together. I have a server that hosts several name based sites. The problem is that one of them requires ssl for online transactions. Is it possible to add an IP based virtual host to this server? What steps and any caveats? The dns records point all domains to the same IP address, and from what I know IP based v hosts need to have their own? Any help would be greatly appreciated. Thanks,
Originally posted by Cloudmaster Is the IP address already in use by an SSL certificate? If not, I don't think there's any problem with tying a certificate to one name based host.
Name-based virtual hosting is usually simpler, since you need only configure your DNS server to map each hostname to the correct IP address and then configure the Apache HTTP Server to recognize the different hostnames. Name-based virtual hosting also eases the demand for scarce IP addresses. Therefore you should use name-based virtual hosting unless there is a specific reason to choose IP-based virtual hosting. Some reasons why you might consider using IP-based virtual hosting:
Some ancient clients are not compatible with name-based virtual hosting. For name-based virtual hosting to work, the client must send the HTTP Host header. This is required by HTTP/1.1, and is implemented by all modern HTTP/1.0 browsers as an extension. If you need to support obsolete clients and still use name-based virtual hosting, a possible technique is discussed at the end of this document.
Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol.
Some operating systems and network equipment implement bandwidth management techniques that cannot differentiate between hosts unless they are on separate IP addresses.
How's your server setup? Who are your server providers? We simply purchase more IP's from our server provider "Server Matrix" if we need them. Is this your own server you run yourself or from a Datacenter?
Originally posted by illum How's your server setup? Who are your server providers? We simply purchase more IP's from our server provider "Server Matrix" if we need them. Is this your own server you run yourself or from a Datacenter?
Our server is setup on an ameritech T1 connection. They gave us a block of I believe 4 IP addresses, all in use by different servers. Yes, this is our own server.
Okay, here's the scoop. For SSL Certs you need to have a dedicated IP, so, what it comes down to is that you need to move this client to their own IP address. Otherwise, it is entirely possible to setup a single SSL certificate on your shared ip, and use it for all clients. Either that, or use the shared ip that you do your name baesd hosting on, and add the certificate to that. Once you make that commitment you will not be able to put any other certificates on that IP address.