[wp-hackers] SSL Domain Mapping with WP Multisite

Bryan Petty bryan at ibaku.net
Mon Jun 4 15:21:12 UTC 2012

On Mon, Jun 4, 2012 at 8:46 AM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:
> The only catch is that at the server level, you need to ensure that
> all VirtualHost's for the domains map into the same common web
> directory (And yes, If you're using Apache, I believe you'd need a
> seperate VirtualHost for every domain so that you can define the
> domains SSL certs).

In both Nginx and Apache, as long as all domains are being mapped to
the same document root directory, and they all use the same SSL
certificate (i.e. this will *have* to be wildcard), and they are on
the same IP address, then you can still use the same <VirtualHost>
definition for everything by using ServerAlias in Apache (wildcards
being supported too: *.example.com), or just as additional domains
(again with wildcards, or full regex) listed on "server_name" in
Nginx. In fact, Nginx can get around the same document root directory
requirement in a single virtual host definition ( server{} ) where
Apache can't.

If any one of those rules is broken, you will be forced to use
multiple vhosts, and very likely will be required to use multiple IP
addresses per domain (at least at a load balancer if not at the web

Something to note with SNI is that while it does finally solve the
problem of requiring multiple IP addresses for each unique SSL
certificate (because it's really just a limitation of one certificate
per IP, not actually one domain per IP), SNI is NOT supported by all
browsers and operating systems still. Most notably, it doesn't work in
any version of IE on Windows XP (not even IE8), or Safari on OSX 10.4
and below. So SNI can really still only be used internally under
controlled conditions. For example, you could handle traffic at a load
balancer with SSL termination and re-negotiation - which *is* using
multiple IP addresses, and point them all back to a single IP address
on a web server with SNI configured, but that defeats the purpose of
having multiple SSL certificates.

Bryan Petty

More information about the wp-hackers mailing list