Hi Nuno,

> go about it? My current idea was to have AOLserver listen on two distinct
> IPs (one for each domainname) and have two nsssl sections configured, one
> for each IP, but I'm not sure if this will work.

This is the only way I know of that it will work. Since the SSL conn must be set up before *any* data crosses the gap, the server/SSL module cannot know beforehand which site the user wants to see, so it has no way to choose the "correct" SSL certificate to use based on the URL. So you cannot have two sites served by the same IP/port combination.

Set up your NIC adaptor with two separate IPs. Then one nsopenssl module can listen on 192.168.10.10:443 and the other on 192.168.10.11:443. This is how we did it here with Linux 2.2.x (IPAlias must be installed in the kernel):

    ifconfig eth0:0 192.168.10.10
    route add -host 192.168.10.10 dev eth0:0

Note the ':0' after 'eth0' in both cases; this tells Linux that it's a second IP address. You could put a third on with 'eth0:1'. We didn't run this way for long, it was a test, so you may run into routing or other network-related issues.

Surely, it can't be this simple, right? One AOLserver process can run two nsopenssl modules at the same time, you just have to make the second one have a different name, as you said, both in the nsd.tcl file and in the /bin dir. I have our second one called nsopenssl2 in nsd.tcl and I've created a hardlink from /bin/nsopenssl to /bin/nsopenssl2.

Hope that helps,

/s.
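The constraint described in the reply above, shown as an added example that is not part of the original message or of AOLserver/nsopenssl: a listener has to pick its certificate before the client has sent a byte, so the destination IP of the connection is the only thing it can key on. Assumptions: loopback addresses 127.0.0.1 and 127.0.0.2 (both usable on Linux by default) stand in for the two aliased IPs, and the certificate paths are hypothetical placeholders.

```python
import socket

# Constructed mapping: one certificate per local IP. The loopback addresses
# stand in for 192.168.10.10 / 192.168.10.11; the paths are hypothetical.
CERT_BY_LOCAL_IP = {
    "127.0.0.1": "/certs/site-one.pem",
    "127.0.0.2": "/certs/site-two.pem",
}


def open_listeners(port=0):
    """Bind one listener per IP on the same port, like one SSL module per IP."""
    listeners = []
    for ip in CERT_BY_LOCAL_IP:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((ip, port))
        s.listen(1)
        port = s.getsockname()[1]  # reuse the first listener's port for the rest
        listeners.append(s)
    return listeners, port


def cert_for_connection(conn):
    """Choose the certificate from the destination address alone."""
    # Nothing is read from the client here: no request data exists yet, so the
    # local IP the client connected to is the only available discriminator.
    local_ip, _ = conn.getsockname()
    return CERT_BY_LOCAL_IP[local_ip]


def demo():
    """Connect to each IP without sending data; return the cert chosen per IP."""
    listeners, port = open_listeners()
    chosen = {}
    try:
        for lsock in listeners:
            ip = lsock.getsockname()[0]
            client = socket.create_connection((ip, port), timeout=5)
            conn, _ = lsock.accept()
            chosen[ip] = cert_for_connection(conn)  # client has sent zero bytes
            conn.close()
            client.close()
    finally:
        for lsock in listeners:
            lsock.close()
    return chosen
```

Both listeners share one port number and differ only in IP, which is the same shape as the two nsopenssl modules on 192.168.10.10:443 and 192.168.10.11:443.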