[Zope] SSL over Multiple Zope/Plone sites?

Martijn Pieters mj at zopatista.com
Wed Jan 25 09:43:39 EST 2006


On 1/24/06, michael nt milne <michael.milne at gmail.com> wrote:
> Ok, thanks. The annoying thing is that I am renting a virtual dedicated
> server which allows multiple domain names obviously but not multiple IP
> addresses. Or it probably costs more for that. Do you reckon SSL will ever
> be available for virtual single IP based hosts?

No, because it is a technical limitation. The SSL certificate is used
to encrypt the channel to the client. As the named virtual host
selection is based on the Host header sent over this encrypted
channel, you cannot use a SSL certificate per named virtual host.
Hence the limitation of one SSL certificate per IP address.

You can work around this limitation if all your virtual hosts share
the same top-level domain name, by using a wildcard certificate. For
example, for all example.com virtual hosts, one *.example.com SSL
certificate can be used without the browser ever complaining about a
name mismatch.

--
Martijn Pieters


More information about the Zope mailing list