The mailing list for listmasters using Sympa

[Patrick von der Hagen <address@concealed>]

Adam Bernstein schrieb:
>> what you say is true for http requests. However, https is not as easy,
>> because of the SSL protocol. See:
>> http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/
> 
> 
> Right, that's what I meant, this is always the problem with SSL.  I
> always have to research it again to remind myself exactly why, but you
> need each SSL virtualhost to live on a different IP address (or a
> different TCP port); you can't used name-based virtual hosts with SSL. 
> The one exception may be if you purchase a wildcard SSL cert, but that
> would only work for different hostnames within the same domain, while I
> need the same hostname in different domains.
Well, one could perhaps consider SNI (Server Name Indication, RFC 3546)
which should help running several hostnames with https on one IP. Recent
browsers should support it, and one shouldn't use older ones anyway, but
wheter or not this is a problem for you depends completely on your
customers. As long as SERVER_NAME is set correctly, SNI should be
transparent to sympa.

http://en.wikipedia.org/wiki/Https
Because SSL operates below http and has no knowledge of higher level
protocols, SSL servers can only strictly present one certificate for a
particular IP/port combination[citation needed]. This means that in most
cases it is not feasible to use name-based virtual hosting with https.
RFC-3546 TLS Extensions describes a solution called Server Name
Indication (SNI), although support for is recent (Opera 8, Mozilla 1.8,
Internet Explorer 7 on Windows Vista, ...).[3][4]

-- 
CU,
   Patrick.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature