SSL: can I use single ip with multiple domains/sub being delivered from the same document root?

I have one IP-specific virtual host which points to the same root directory regardless of the domain name. The DNS 'A' records of the multiple domains I have all use the same IP.

What this does is render the page using the same code, and we use PHP to decide what to show depending on the domain name.

Now if I switch to name-based virtual hosts and write a ServerName for each virtual host, using a different certificate every time, can I use this single IP to do the trick?

I understand that in SSL nothing except packets and some tech info is passed from client to server without revealing the desired hostname, but in my case I do not have the problem of identifying which IP/document root to use, because any conversation on that specific IP will lead to the same index.php.

Please guide! Any pointers are welcome. Thanks a lot.

Comments

  • For subdomains you could use a wildcard SSL.

  • What you need will only work with SNI if you have a single IP address. Check this link for more info:
    http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

    Also, unless something's changed, Windows XP clients won't be able to browse your site with SNI properly; just an FYI.

  • ska Member
    edited October 2013

    The problem is: you can't do any browser detection before the SSL connection is established. So you have to decide if you want to lose some visitors. This includes Windows XP (like @amhoab stated) as well as Android 2.x and Java 1.7. Android 2.x is quite common; even newer devices in the lower price range get shipped with it. However, if you don't plan to support mobile devices, SNI is a way to go.

    If you, however, want to support all those devices too, you'd better set up an SSL domain and make your domains available via sub-folders. You just have to rewrite your PHP script a bit and add a redirect condition to your web server's config. What you can do basically is then: https://secure-domain.de serves as the base domain, and all your projects will then be available via https://secure-domain.de/project1 and https://secure-domain.de/project2. You would then set up a redirect from http://project1.de to https://secure-domain.de/project1.

  • @amhoab said:
    What you need will only work with SNI if you have a single IP address. Check this link for more info:
    http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

    Also, unless something's changed, Windows XP clients won't be able to browse your site with SNI properly; just an FYI.

    AFAIK only XP and IExplorer, Chrome and FF work just fine.

  • @ska said:

    But I don't want a redirect, you see; all of them are using the same PHP code, in fact they are all served via the same root folder.

  • ska Member
    edited October 2013

    @raza19 said:
    But I don't want a redirect, you see; all of them are using the same PHP code, in fact they are all served via the same root folder.

    That's why you then add a rewrite rule, so that https://secure-domain.de/project1 will be internally rewritten to http://secure-domain.de/index.php?foo=project1.de. Your script can then still have access to the originally requested project1.de-domain.

  • @ska said:

    Oh I get the part where php will decide what to show.

    I am interested in knowing whether I can use different SSL certificates on a single IP for different domains **if they are being rendered from the same code/document root**?

  • Abdussamad Member
    edited October 2013

    @raza19 said:

    The SSL connection is made first. Then the browser tells the server what host (domain) it wants to connect to. So it is not possible to serve different SSL certificates based on the domain name unless you use SNI. The drawbacks of SNI are mentioned above by ska and others.

    An alternative to SNI is to use a multi domain SSL cert. This is frequently used for Microsoft Exchange so it is marketed for that more than websites but can be used for websites as well. Google for multi domain SSL or see this site:

    https://www.gogetssl.com/san-ucc-ssl-certificates/

    A downside of using a multi domain cert is that all your domains are publicly associated with one another. This also means that if the SSL cert is compromised all your sites will be affected.

    Edit: edited to correct errors.

  • @raza19 said:
    I am interested in knowing whether I can use different SSL certificates on a single IP for different domains **if they are being rendered from the same code/document root**?

    Yes, that's possible. http://blog.ninjahawk.net/cpanel-how-to-install-ssl-on-a-shared-ipno-dedicated-ip/

  • raza19 Veteran
    edited October 2013

    @CentrioHost said:

    Thanks @CentrioHost, but this isn't about cPanel. I am however buying all of the wildcard SSLs from you :)

    @Abdussamad said:

    I know it's encrypted, but I was thinking (because I don't fully understand how this encryption works), is it not possible for the server to try all the possible variations of a certificate before giving it out to the user? Isn't there a validation test we can perform and see which one to use?
