Joseph Mack NA3T wrote:
> I don't suppose you know if you can run two https sites with
> the same IP (like you can for http)?

Short answer: no.

Longer answer: no, because the certificate for a connection must be
chosen before the TLS session is established (the TLS handshake requires
the certificate and key); only then can the HTTP/1.1 Host: header be
sent across. This means the certificate must be hard-coded in the config
of the application providing the TLS environment (Apache, for example,
puts it into the VirtualHost context).

Slightly different short answer: you can if you bind the VirtualHost to
different ports (443 is IANA default for https but you can run it
*anywhere you want*. Just don't expect the clients to use one that's not
on port 443 :)

Very different answer: you can if you use TLS/SNI. See:
http://www.rfc-archive.org/getrfc.php?rfc=3546

This extends the TLS handshake to include several extended attributes,
among them the server_name. Guess what that gets used for?

Unfortunately RFC3546 only got passed from draft to standard four and a
half years ago, so don't go expecting widespread client and server
support just yet ;-)

Pardon the glib comment; it just isn't very widely used yet, although an
increasing range of browsers can support it. It's the server end that's
dragging - have a Google around, and you'll see what I mean.

Graeme
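
An added illustration, not part of the original message: the Python sketch below generates a real ClientHello in memory (no network), reads the server_name extension out of it, and uses it to pick a certificate before any HTTP Host: header exists. The host names, certificate file names and the `CERTS` table are hypothetical.

```python
import ssl
import struct

def client_hello_bytes(hostname):
    """Produce a real ClientHello offline using in-memory BIOs."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for the ServerHello
    return outgoing.read()

def sni_from_client_hello(data):
    """Return the server_name in a ClientHello record, or None if absent."""
    if len(data) < 5 or data[0] != 0x16:      # record type 22 = handshake
        return None
    body = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:      # handshake type 1 = ClientHello
        return None
    try:
        pos = 4 + 2 + 32                      # header, version, random
        pos += 1 + body[pos]                  # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                  # compression_methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            ext = body[pos + 4:pos + 4 + ext_len]
            if ext_type == 0 and len(ext) >= 5 and ext[2] == 0:  # host_name
                name_len = struct.unpack("!H", ext[3:5])[0]
                return ext[5:5 + name_len].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                           # truncated or malformed hello
    return None

# Hypothetical virtual-host table: server_name -> certificate file
CERTS = {"www.example.org": "example-org.pem",
         "www.example.net": "example-net.pem"}

def choose_cert(data, default="default.pem"):
    """Pick the certificate the way an SNI-aware server would."""
    return CERTS.get(sni_from_client_hello(data), default)
```

A client that sends no server_name falls through to `default.pem`, which is the single-certificate-per-IP behaviour described in the longer answer above.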