To support more than one SSL virtual host you must have seperate IP
addresses for each.
You can get a wildcard certificate to handle multiple virtual hosts
on one IP. We got ours from QualitySSL. But we are running Orion
on OSX and not Apache.
If this were true than SSL would be broken and the sky would be falling.
I suspect your wildcard certificate permits *.domain.top, not
wildcarding *.top.
The issue here is that in order to determine the certificate to
decrypt the connection you must first know the virtual HOST in
question. Since this is stored in the HTTPS request in the HOST
header (which is encrypted) you have a chicken and egg dilemma. You
can't tell which certificate to use to decrypt the connection w/o
first seeing inside the encrypted payload. So you need to have some
unique method of determining which virtual host's certificate you
should use to decrypt the connection. Any combination of
IP-address:port will work here, but since HTTPS expects a specific
port in general operation you're left with needing unique IP
addresses. This way you can match the connecting IP address and map
that to the right certificate to use.
--
-dhan
------------------------------------------------------------------------
Dan Shoop email@hidden
Consulting Internet Architect email@hidden
AIM: iWiring http://www.iwiring.net/
Skype: danshoop http://www.ustsvs.com/
iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
