[wp-hackers] SSL Domain Mapping with WP Multisite
wp-hackers at thecodecave.com
Mon Jun 4 14:55:06 UTC 2012
Here's the issue: in order to have completely secure communication,
Apache only uses the IP address/port of inbound communication to
identify the traffic destination and send the correct certificate and
So if you are hosting multiple sites on the same IP address, Apache
won't know which certificate to send. Apache will do the only thing it
can and send the first/default certificate for that IP in order to try
to be secure. If you have dozens of sites, chances are the
communication isn't for the first vhost you have configured and so the
certificate will be wrong.
However once you understand what it is doing, it allows you to get
around the problem and serve multiple secure domains using vhost. What
you MUST do is configure your certificate to validate for all of the
domains (straight domain and www or *) that will be served under that IP
address. You can configure a certificate for any number of sites, but
I've been told to limit it to a couple dozen to be practical - you never
know how the client/browser will handle a large number of sites in a
If you have more than a couple dozen sites, then serve the remaining
sites under a different IP address with another certificate for the next
dozen or two sites. Creating this many certificates could become
expensive, so I recommend that you get certified through StartSSL.com
and become your own notary in order to issue your own certificates, as I
Apache will yell at you that you've configured your sites incorrectly,
in most cases that would be true. It's unusual for a certificate to span
multiple sites and a new release of Apache could change this behaviour.
However: Yes, I have done it and that's how I did it.
On 6/4/2012 9:40 AM, SWORD Studios wrote:
> I'm looking to host a couple hundred sites on a WordPress Multisite
> Network. Each site will have it's own mapped domain. I've done all this
> many many times.
> My new issue is that about a dozen of these sites need SSL to be compliant
> (with their industry manufacturers). I'm having some real issues
> accomplishing https://domain.com as a mapped domain to these sites.
> Everything I've read (some links below) makes it seem possible as long as
> you are using SNI or a WildCard SSL to support multiple ssl's on the same
> I'm looking for a real solution to this problem. I've spent hours reading
> many forum posts, articles, tutorials and everything seems to be
> theoretical. I have yet to see anyone actual say "Yes I've done this and
> this is how I did it." Has anyone actually accomplished this task? If
> not can anyone provide me with instructions on how to move forward.
> Thank you in advance for any help.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers