Multiple virtual hosts using SSL on the same IP and Port

Tonight I decided to set up SSL on two internal web apps I’ve been running for a while. I have a wildcard certificate *.stockpr.com just for this purpose. Each app was originally running on a separate hostname on a single IP address on port 80.

After I started setting up SSL, I realized that I might run into trouble because Apache has always said you can’t combine NameVirtualHost and SSL. The reason is that the SSL session is established before any HTTP headers are sent. NameVirtualHost relies on the HTTP Host header, which hasn’t been sent yet while SSL is being negotiated, so Apache can only use a single SSL cert per combination of IP and port.

So my thought was this should technically not be a problem since both of my hostnames are under the same domain and I have that fancy wildcard certificate for both virtual hosts. I thought Apache just might be cool enough to send the first certificate it finds, but still respect the HTTP Host header and send the request to the right virtual host.

Guess what… Apache is indeed that cool. I now have x.stockpr.com and y.stockpr.com on the same IP and port with two different virtual hosts, sharing the same certificate.
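A configuration matching the setup described above, as an added example that is not the author's actual config: the certificate and key paths and the DocumentRoot values are assumed, and the NameVirtualHost line applies to Apache 2.2 (in 2.4 it is no longer needed).

```apache
# Added example. File paths and DocumentRoot values are assumptions.
# Apache 2.2 syntax; on 2.4 the NameVirtualHost line can be dropped.
NameVirtualHost *:443

# First virtual host on this IP:port. Its certificate is the one Apache
# presents during the handshake when it cannot tell which name was requested.
<VirtualHost *:443>
    ServerName x.stockpr.com
    DocumentRoot /var/www/x

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/wildcard.stockpr.com.crt
    SSLCertificateKeyFile /etc/ssl/private/wildcard.stockpr.com.key
</VirtualHost>

# Second virtual host, selected by the Host header after the handshake.
# It points at the same wildcard certificate and key.
<VirtualHost *:443>
    ServerName y.stockpr.com
    DocumentRoot /var/www/y

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/wildcard.stockpr.com.crt
    SSLCertificateKeyFile /etc/ssl/private/wildcard.stockpr.com.key
</VirtualHost>
```

Because the certificate is chosen before the Host header arrives, this only avoids name-mismatch warnings when the one certificate is valid for every ServerName on the IP and port, as the *.stockpr.com wildcard is here. A wildcard covers a single label, so a name such as a.b.stockpr.com or the bare stockpr.com would not match it.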

Won’t exactly revolutionize web hosting, but it definitely made my night go a little easier. (Of course if you read my last post, something else more than made up for it.)


2 Responses to Multiple virtual hosts using SSL on the same IP and Port

  1. eric says:

    That’s really cool. Too bad it’s not well supported on the client side.

    The following combinations do not support SNI.
    Windows XP and Internet Explorer 6 or 7
    Mac OSX and Safari 3
    http://en.wikipedia.org/wiki/Server_Name_Indication
