[wp-hackers] WordPress multisite, Domain mapping and SSL
wp-hackers at thecodecave.com
Wed Aug 31 04:20:45 UTC 2011
And prior to this, Apache would indeed always serve the first
certificate associated with that IP address.
So the real restriction was 1 certificate for IP address, and not that
you couldn't serve multiple vhosts securely. So there was a work around
if you were tricky.
You could create/purchase a certificate with each domain and the
wildcard for the domain (example.com *.example.com example2.com
*.example2.com), and thus you would always serve the valid certificate.
I can issue signed Class 2 certificates, and was able to get this to
test this and got it work with a fair number of domains on the single
certificate. Apache would throw up warnings at restart (that it
wouldn't be serving the configured certificates), but they could just be
ignored. If it serves the one certificate, and it's the right one,
that's all you need.
That said, you'd probably be better off with multiple IP addresses or
SNI. It's not cost effective for most people to purchase certificates in
that fashion, so this "feature" isn't often used. And any little known
feature may evaporate due through disuse. (Though if anyone did want to
try this for fun, and or money is the driving factor, you could always
become a StartSSL.com Verified partner and issue the certificates
yourself upon demand).
On 8/30/2011 9:11 PM, Doug Stewart wrote:
> Not entirely true. Apache after 2.2.12 supports SNI (Server Name
> Indication) which allows for multiple SSL certs per IP.
> Dig it:
> On Tue, Aug 30, 2011 at 5:05 PM, John Blackbourn
> <johnbillion+wp at gmail.com> wrote:
>> On 30 August 2011 21:57, Jeremy Felt<jeremy.felt at gmail.com> wrote:
>>> Each SSL certificate *requires* a unique IP address on the server. This is
>>> outside the realm of WordPress configuration. The solution will depend on
>>> your network and server setup.
>> And if you're wondering why this is it's because an SSL connection is
>> negotiated before the request is read, so the server cannot know the
>> hostname being requested until the SSL connection is made. Therefore
>> you can only have one SSL virtualhost per IP address.
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
More information about the wp-hackers