Re: OT (slightly): SSL Requirement

Author: Bryan O'Neal
Date:  
To: Main PLUG discussion list
Subject: Re: OT (slightly): SSL Requirement
Yes and no

OK - here is the quick breakdown - Authentication and verification
happen at the same time - For the most part the web is IP based - Thus
if I am looking for Jack @ 129.81.56.31 and Jilly @ 129.81.56.31 you're
going to confuse the hell out of the web server that has a cert for
Bob.

Solution 1: L3 routers with NAT that can address a request for
Jill.mydomain.com and point to the correct internal IP even when Jill,
Jack, and Bob are all pointing to the same external IP

Solution 2: Use different port numbers

Solution 3: Use SNI (Server Name Indication) to have Apache check the
name then pass to the VHost for authentication and verification.

I personally recommend solution 3 but be aware the user will require a
"modern" browser and, in the case of a Mac, a newer OS for this to
work.

On Fri, Aug 13, 2010 at 1:51 PM, Eric Shubert <> wrote:
> I don't necessarily believe everything I see, and would like to check on
> something I read.
>
> Is the following statement true or false?
>
> "SSL requires a distinct outbound IP for every distinct certificate
> (different domain name)."
>
> My understanding is that multiple hosts with distinct certificates could
> coexist behind a NAT'd firewall on a single public address and still provide
> SSL connections via the public address.
>
> Would someone who's more knowledgeable than I about this care to shed some
> light on the subject?
>
> --
> -Eric 'shubes'
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
