AFAIK, SSL is assigned to a single domain name (maybe several subdomains via wildcard).
On the other hand, I heard that the webserver does not see the domain before it serves the SSL?
If I have multiple domains running as vhosts on one IP address:
Q1: Can the webserver serve the appropriate respective SSL to the sites?
Q2: Is there a way to have only one multi-domain SSL serving two domains on one IP?
Illuminate me out of confusion brought upon me by this seemingly self-contradictory quote:
Regular SSL Certificates are issued for a single FQDN (Fully Qualified Domain Name). The domain using the certificate has to have its own unique external IP address from which to be served. In practice, this means that if you have multiple domains on a single IP address/server, then you had to install a separate certificate on each domain you wanted to secure.
The reason for this is the use of 'Host-Headers'. They allow a web server to use a single IP address to serve many separate sites with different FQDNs. They do this by identifying the incoming request for a webpage, and routing it to the correct site accordingly.
When an SSL connection is initiated, the server must send a certificate to the client - before it knows the host-header of the request. The only identifying piece of data it has is the requested IP address. As such, two or more sites on one IP address cannot use different SSL certificates....