[wp-hackers] WordPress multisite, Domain mapping and SSL

James Tryon james at easilyamusedinc.com
Wed Aug 31 18:22:54 UTC 2011


Thanks for all the help guys, could not have done it without you ;c )

If you force the domain-to-IP mapping on the server, it allows the certificates to work properly.

Problem fixed.
James Tryon


On Aug 31, 2011, at 12:20 AM, Brian Layman wrote:

> And prior to this, Apache would indeed always serve the first certificate associated with that IP address.
> 
> So the real restriction was 1 certificate per IP address, and not that you couldn't serve multiple vhosts securely.  So there was a workaround if you were tricky.
> 
> You could create/purchase a certificate with each domain and the wildcard for the domain (example.com *.example.com example2.com *.example2.com), and thus you would always serve the valid certificate.
> 
> I can issue signed Class 2 certificates, and was able to test this and got it to work with a fair number of domains on the single certificate.  Apache would throw up warnings at restart (that it wouldn't be serving the configured certificates), but they could just be ignored.  If it serves the one certificate, and it's the right one, that's all you need.
> 
> That said, you'd probably be better off with multiple IP addresses or SNI. It's not cost effective for most people to purchase certificates in that fashion, so this "feature" isn't often used. And any little known feature may evaporate through disuse. (Though if anyone did want to try this for fun, and/or money is the driving factor, you could always become a StartSSL.com Verified partner and issue the certificates yourself upon demand).
> 
> -
> Brian Layman
> 
> On 8/30/2011 9:11 PM, Doug Stewart wrote:
>> Not entirely true. Apache after 2.2.12 supports SNI (Server Name
>> Indication) which allows for multiple SSL certs per IP.
>> 
>> Dig it:
>> http://en.wikipedia.org/wiki/Server_Name_Indication
>> 
>> On Tue, Aug 30, 2011 at 5:05 PM, John Blackbourn
>> <johnbillion+wp at gmail.com> wrote:
>>> On 30 August 2011 21:57, Jeremy Felt <jeremy.felt at gmail.com> wrote:
>>>> James,
>>>> 
>>>> Each SSL certificate *requires* a unique IP address on the server. This is
>>>> outside the realm of WordPress configuration. The solution will depend on
>>>> your network and server setup.
>>> And if you're wondering why this is, it's because an SSL connection is
>>> negotiated before the request is read, so the server cannot know the
>>> hostname being requested until the SSL connection is made. Therefore
>>> you can only have one SSL virtualhost per IP address.
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>> 

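The certificate-selection behaviour discussed in this thread (first certificate on the IP without SNI, the matching vhost's certificate with SNI, or one multi-domain certificate for everything), modelled as an added example that is not part of the original messages. The function names and the blog./shop. hostnames are constructed for illustration, and vhost routing is simplified to name matching.

```python
def name_matches(pattern, hostname):
    """Certificate name check: '*' is honoured only as the entire leftmost
    label and stands for exactly one label (the RFC 6125 rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def presented_sans(vhosts, hostname, client_sends_sni):
    """vhosts: ordered (server_names, cert_sans) pairs on one IP:443.
    With SNI the vhost whose names cover the host supplies the certificate;
    without it (or with no matching vhost) the first vhost's one is used."""
    if client_sends_sni:
        for server_names, cert_sans in vhosts:
            if any(name_matches(n, hostname) for n in server_names):
                return cert_sans
    return vhosts[0][1]


def mismatches(vhosts, hostnames, client_sends_sni):
    """Hostnames whose visitors would see a certificate name warning."""
    return [h for h in hostnames
            if not any(name_matches(s, h)
                       for s in presented_sans(vhosts, h, client_sends_sni))]


# Constructed sample data (blog./shop. hosts are made up for illustration).
SITE1 = ["example.com", "*.example.com"]
SITE2 = ["example2.com", "*.example2.com"]
PER_SITE = [(SITE1, SITE1), (SITE2, SITE2)]                # one cert per vhost
SHARED = [(SITE1, SITE1 + SITE2), (SITE2, SITE1 + SITE2)]  # one multi-domain cert
HOSTS = ["example.com", "blog.example.com", "example2.com", "shop.example2.com"]

if __name__ == "__main__":
    for label, vhosts in (("per-site certs", PER_SITE), ("shared cert", SHARED)):
        for sni in (False, True):
            print(f"{label:15} SNI={sni!s:5} mismatches:",
                  mismatches(vhosts, HOSTS, sni))
```

Running the same check against the real list of mapped domains and the names on the certificate actually served shows which sites depend on SNI-capable clients.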

