Joseph Mack NA3T wrote:
> I don't suppose you know if you can run two https sites with
> the same IP (like you can for http)?

Short answer: no.

Longer answer: no, because the certificate for a connection must be chosen before the TLS session is established (the TLS handshake requires the certificate and key); only then can the HTTP/1.1 Host: header be sent across. This means the certificate must be hard-coded in the config of the application providing the TLS environment (Apache, for example, puts it into the VirtualHost context).

Slightly different short answer: you can if you bind the VirtualHost to different ports (443 is the IANA default for https but you can run it *anywhere you want*). Just don't expect the clients to use one that's not on port 443 :)

Very different answer: you can if you use TLS/SNI. See:

http://www.rfc-archive.org/getrfc.php?rfc=3546

This extends the TLS handshake to include several extended attributes, among them server_name. Guess what that gets used for?

Unfortunately RFC3546 only got passed from draft to standard four and a half years ago, so don't go expecting widespread client and server support just yet ;-)

Pardon the glib comment; it just isn't very widely used yet, although an increasing range of browsers can support it. It's the server end that's dragging - have a Google around, and you'll see what I mean.

Graeme
