Wednesday, August 17, 2011

VirtualHosts and SSL

Due to a limitation of the SSL protocol, it is impossible to host more than one SSL virtual host on the same IP address and port. The limitation is this: Apache needs to know the host name in order to select the correct certificate, but the host name is carried in the HTTP request header, which is encrypted content. Since the host name is not revealed until the encrypted channel has been established, it is not possible to create multiple SSL virtual hosts on one IP address and port.

Apache allows you to configure name-based virtual hosts, but it always uses the SSL settings of the first configured virtual host for the rest of the virtual hosts. Logically, you can say that SSL creates an encryption layer between the client and the server, over which traffic for all the virtual hosts can move. In reality, it does not create any sort of encryption channel between the client and an individual virtual host. All the virtual hosts of the configured Apache server will use the same SSL certificate for encryption, which may be acceptable in many circumstances. But the need for an independent SSL certificate per virtual host is also very common.