Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: sukrub on August 27, 2004, 03:15:10 AM
-
I am quite new to SME server, and to linux for that matter, so take it easy.... I would like to host multiple eCommerce sites in my server. I have already setup osCommerce on SME 6.0.1-01. It works fine. Now it is time to get a SSL certificate. I believe the SSL certificate is assign to the primary domain, and not the virtuals. Is there a way to get different SSL certificates for different I-Bays?
-
Has anyone ever found a solution to this issue? I've run into the same issue and would like to issue different ssl certificates for each domain.
-
Has anyone ever found a solution to this issue? I've run into the same issue and would like to issue different ssl certificates for each domain.
I guess you will have to rewrite all the configuration logic in the httpd.conf templates to accomodate for each virtualdomain to have it's own secure settings and it's own certificate.
-
I'm afraid the answer is here
http://www.modssl.org/docs/2.0/#FAQ-vhosts
which says
# Why cannot I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technically. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase. Bingo!
Name based host is what SME uses for virtual domain.
Bob