Friday, August 19, 2011

How to configure multiple vhosts with SSL?

The problem is that, in order to know which virtual host to serve content from, a webserver must inspect the "Host" header, which is part of the HTTP request. However, the SSL handshake takes place before any HTTP request is initiated, and to complete the handshake the webserver needs to know which SSL certificate to use. Since the webserver can't yet know which virtual host is being requested, it uses the certificate of the first host. It's really a limit of the protocol, not the server.

However, the latest version of the HTTPS protocol includes SNI (Server Name Indication), which permits a client to transmit to the server the name of the virtual host it wants to contact during the SSL handshake. So what you need to do is make sure you have the very latest Apache, compiled with the latest OpenSSL libraries, and use a recent web browser.
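
A configuration along these lines puts two SSL virtual hosts on one IP address and port once SNI is available. This is an added example, not part of the original post; the hostnames, document roots and certificate paths are placeholders.

```apache
# Added example: two name-based HTTPS virtual hosts sharing one IP and port.
# Hostnames and file paths below are placeholders (assumptions).
Listen 443

# Needed by Apache 2.2 for name-based vhosts; deprecated and without
# effect in Apache 2.4.
NameVirtualHost *:443

# Refuse clients that send no SNI name, instead of silently serving them
# the first vhost below with a certificate that does not match the name
# they asked for.
SSLStrictSNIVHostCheck on

# First vhost listed: the one a client without SNI would otherwise get.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>

# Second vhost: selected when the client's SNI name is www.example.org.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>
```

To check which certificate each name receives, connect with `openssl s_client -connect <server>:443 -servername www.example.org` and compare the certificate subject with the one returned for `www.example.com`.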