[wp-hackers] SSL Domain Mapping with WP Multisite

Doug Stewart zamoose at gmail.com
Mon Jun 4 15:01:40 UTC 2012

Not true. SNI (which has some problems under older IE's) has made
multiple SSL certs on one IP possible:

On Mon, Jun 4, 2012 at 10:55 AM, Brian Layman
<wp-hackers at thecodecave.com> wrote:
> Here's the issue: in order to have completely secure communication, Apache
> only uses the IP address/port of inbound communication to identify the
> traffic destination and send the correct certificate and begin encryption.
> So if you are hosting multiple sites on the same IP address, Apache won't
> know which certificate to send.  Apache will do the only thing it can and
> send the first/default certificate for that IP in order to try to be secure.
>  If you have dozens of sites, chances are the communication isn't for the
> first vhost you have configured and so the certificate will be wrong.
> However once you understand what it is doing, it allows you to get around
> the problem and serve multiple secure domains using vhost.  What you MUST do
> is configure your certificate to validate for all of the domains (straight
> domain and www or *) that will be served under that IP address.  You can
> configure a certificate for any number of sites, but I've been told to limit
> it to a couple dozen to be practical - you never know how the client/browser
> will handle a large number of sites in a certificate.
> If you have more than a couple dozen sites, then serve the remaining sites
> under a different IP address with another certificate for the next dozen or
> two sites.  Creating this many certificates could become expensive, so I
> recommend that you get certified through StartSSL.com and become your own
> notary in order to issue your own certificates, as I have.
> Apache will yell at you that you've configured your sites incorrectly, in
> most cases that would be true. It's unusual for a certificate to span
> multiple sites and a new release of Apache could change this behaviour.
>  However: Yes, I have done it and that's how I did it.
> Brian Layman
> On 6/4/2012 9:40 AM, SWORD Studios wrote:
>> I'm looking to host a couple hundred sites on a WordPress Multisite
>> Network.  Each site will have it's own mapped domain.  I've done all this
>> many many times.
>> My new issue is that about a dozen of these sites need SSL to be compliant
>> (with their industry manufacturers).  I'm having some real issues
>> accomplishing https://domain.com as a mapped domain to these sites.
>>  Everything I've read (some links below) makes it seem possible as long as
>> you are using SNI or a WildCard SSL to support multiple ssl's on the same
>> IP.
>> I'm looking for a real solution to this problem.  I've spent hours reading
>> many forum posts, articles, tutorials and everything seems to be
>> theoretical.  I have yet to see anyone actual say "Yes I've done this and
>> this is how I did it."   Has anyone actually accomplished this task?    If
>> not can anyone provide me with instructions on how to move forward.
>> Thank you in advance for any help.
>> http://wordpress.org/support/topic/plugin-wordpress-mu-domain-mapping-ssl-and-mapped-domain
>> http://wordpress.org/support/topic/plugin-wordpress-mu-domain-mapping-ssl-with-mapped-domain
>> http://lists.automattic.com/pipermail/wp-hackers/2011-August/040649.html
>> Jesse
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list