[wp-hackers] WordPress multisite, Domain mapping and SSL

Eric Mann eric at eam.me
Wed Aug 31 21:30:21 UTC 2011


Care to document the exact steps you took somewhere?  I'm sure this will
come up again in the future as more of us attempt to enable SSL on shared
systems/multisite.  Maybe on your blog or somewhere in the Codex?

On Wed, Aug 31, 2011 at 11:22 AM, James Tryon <james at easilyamusedinc.com>wrote:

> Thank for all the help guys, could not have done it with out you ;c )
>
> If you force the domain to IP mapping on the server it allowed the
> certificates to work properly.
>
> Problem fixed.
> James Tryon
>
>
> On Aug 31, 2011, at 12:20 AM, Brian Layman wrote:
>
> > And prior to this, Apache would indeed always serve the first certificate
> associated with that  IP address.
> >
> > So the real restriction was 1 certificate for IP address, and not that
> you couldn't serve multiple vhosts securely.  So there was a work around if
> you were tricky.
> >
> > You could create/purchase a certificate with each domain and the wildcard
> for the domain (example.com *.example.com example2.com *.example2.com),
> and thus you would always serve the valid certificate.
> >
> > I can issue signed Class 2 certificates, and was able to get this to test
> this and got it work with a fair number of domains on the single
> certificate.  Apache would throw up warnings at restart (that it wouldn't be
> serving the configured certificates), but they could just be ignored.  If it
> serves the one certificate, and it's the right one, that's all you need.
> >
> > That said, you'd probably be better off with multiple IP addresses or
> SNI. It's not cost effective for most people to purchase certificates in
> that fashion, so this "feature" isn't often used. And any little known
> feature may evaporate due through disuse. (Though if anyone did want to try
> this for fun, and or money is the driving factor, you could always become a
> StartSSL.com Verified partner and issue the certificates yourself upon
> demand).
> >
> > -
> > Brian Layman
> >
> > On 8/30/2011 9:11 PM, Doug Stewart wrote:
> >> Not entirely true. Apache after 2.2.12 supports SNI (Server Name
> >> Indication) which allows for multiple SSL certs per IP.
> >>
> >> Dig it:
> >> http://en.wikipedia.org/wiki/Server_Name_Indication
> >>
> >> On Tue, Aug 30, 2011 at 5:05 PM, John Blackbourn
> >> <johnbillion+wp at gmail.com>  wrote:
> >>> On 30 August 2011 21:57, Jeremy Felt<jeremy.felt at gmail.com>  wrote:
> >>>> James,
> >>>>
> >>>> Each SSL certificate *requires* a unique IP address on the server.
> This is
> >>>> outside the realm of WordPress configuration. The solution will depend
> on
> >>>> your network and server setup.
> >>> And if you're wondering why this is it's because an SSL connection is
> >>> negotiated before the request is read, so the server cannot know the
> >>> hostname being requested until the SSL connection is made. Therefore
> >>> you can only have one SSL virtualhost per IP address.
> >>> _______________________________________________
> >>> wp-hackers mailing list
> >>> wp-hackers at lists.automattic.com
> >>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list