Thanks for the replies, Jason and Bryan. I particularly like Bryan's #3.
I think it's interesting that you both addressed a web (https) context.
SSL is used with email protocols as well (imaps, pop3s), although smtps
is deprecated and TLS is favored these days (for good reasons).
Perhaps the statement I had a problem with is just not very meaningful
without further context.
--
-Eric 'shubes'
Bryan O'Neal wrote:
> Yes and no
>
> Ok - here is the quick breakdown - Authentication and verification
> happen at the same time - For the most part the web is IP based - Thus
> if I am looking for Jack @ 129.81.56.31 and Jilly @ 129.81.56.31 you're
> going to confuse the hell out of the web server that has a cert for
> Bob.
>
> Solution 1: L3 routers with NAT that can address a request for
> Jill.mydomain.com and point to the correct internal IP even when Jill,
> Jack, and Bob are all pointing to the same external IP
>
> Solution 2: Use different port numbers
>
> Solution 3: Use SNI (Server Name Indication) to have Apache check the
> name then pass to the VHost for authentication and verification.
>
> I personally recommend solution 3 but be aware the user will require a
> "modern" browser and, in the case of a Mac, a newer OS for this to
> work.
>
> On Fri, Aug 13, 2010 at 1:51 PM, Eric Shubert <ejs@shubes.net> wrote:
>> I don't necessarily believe everything I see, and would like to check on
>> something I read.
>>
>> Is the following statement true or false?
>>
>> "SSL requires a distinct outbound IP for every distinct certificate
>> (different domain name)."
>>
>> My understanding is that multiple hosts with distinct certificates could
>> coexist behind a NAT'd firewall on a single public address and still provide
>> SSL connections via the public address.
>>
>> Would someone who's more knowledgeable than I about this care to shed some
>> light on the subject?
>>
>> --
>> -Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss