Quote:
SSL web sites cannot share an IP address with other SSL web sites
Nitpicking a little, since I know you understand this, Bitt: an SSL site cannot share an IP address *and* port number with another SSL site. You can run multiple SSL sites on the same IP, provided they're using different port numbers.
For anyone else interested in the details (quiet day at work today), the problem stems from the following:
In order to support multiple sites on one IP, HTTP requires that the client put the desired site name in the HTTP request. The web server looks at this and grabs the relevant content.
HTTPS encrypts the entire request. In order to figure out which site it's for, the server needs to decrypt it. To decrypt it, the server needs to know which site it's for. Chicken and egg.
The only way to disambiguate requests (to work out decryption key to use) is to limit the web server to one SSL site per IP/port combination.
_________________________
--
roger
Previous Topic
Index
