depending on your dns name flexability, another possible alternative is to use site names like bob.example.com and alice.example.com then you can run both via a single wildcard SSL cert "*.example.com" on the single IP address.
/Pete On 14. apr. 2011, at 20:45, Matthew Dempsky <matt...@dempsky.org> wrote: > On Thu, Apr 14, 2011 at 11:36 AM, Matthew Dempsky <matt...@dempsky.org> wrote: >> On Thu, Apr 14, 2011 at 11:09 AM, Kevin Chadwick <ma1l1i...@yahoo.co.uk> wrote: >>> Are you sure you want to do this. Do you want any ssl on these sites, >>> because you'll need ugly :port on your ssl urls if you do. >> >> Using Subject Alternative Names, you can get a single SSL certificate >> that covers multiple hostnames. > > Alternatively, if someone adds SNI support to relayd, then you could > still use multiple distinct SSL certificates as well. The version of > OpenSSL in base already supports SNI. > > Also, both of these solutions assume relayd is the SSL termination > point for both web sites. If instead you want the backends to be > responsible for handling SSL, then yeah, you need to use separate IP > addresses or ports.