[rt-users] RT using SSL
Jorey Bump
list+rt at joreybump.com
Mon Dec 8 11:16:36 EST 2003
Vivek Khera wrote:
>>>>>>"BM" == Bill McGonigle <bill at zettabyte.net> writes:
>
>
> BM> Hi, Leon,
> BM> To the best of my knowledge you can't do virtualhosting with SSL.
In fact, most SSL is done in a virtual host container (at least with
apache, it is).
> yes, you can. you cannot do *name-based* virtuals -- they must be
> IP-based as you've pointed out.
But don't interpret this to mean that you can have only one SSL host (or
hostname) per IP address. Technically, the only difference between IP-
and name-based hosts is that name-based hosts can share the same port on
the same IP. It's up to the browser to ask the server for the right
host, otherwise it will serve the default.
This means that you can set up multiple SSL hosts on the same IP if they
listen on different ports:
https://www.example.com (listens on standard port 443)
https://support.example.com:444
Both hostnames resolve to the same IP, but have their own virtual host
container, so they are able to serve up their own certificates. Most
people would want to use the nonstandard port for internal use only,
such as with a trouble ticket system. ;)
More information about the rt-users
mailing list