multiple SSL certs on one server behind a NAT router 4

[milktoast]

I have read up on using multiple SSL certs on one server but the thing that no one addresses is how this works on a server behind a router that uses NAT.

Example

Server 1 has two domains

http://www.foo.com

and

http://www.bar.com

Both are functional using IP based virtual hosts using 192.168.1.50

The server is currently setup so

http://www.foo.com

has a functioning SSL cert and all 443 traffic goes to it.

Now,

http://www.bar.com

wants to have a valid SSL cert.

The way I read that this is done is both foo and bar must have different IP addresses. That is the easy part. I can set up my server to listen to two IPs (192.168.1.50 and 192.168.1.51).

The hard part is the NAT....ALL traffic passes through my router and it has ONE external IP. Do I need to setup the route with a second external IP and pass that traffic to the second internal IP for this to work or can I use one external IP and two internal IPs? How will Apache handle this?

 

[sleipnir214]

Yes, you will need an additional external IP.

Let's assume that you have two sites,

http://www.foo.bar

and

http://www.bar.baz,

and that the two sites share IP addresses. When an HTTP request comes in, the server knows which site is wanted by an HTTP header sent with the request:

Host:

http://www.foo.bar

The server matches the Host: value to a ServerName or ServerAlias value for the configuration of a site.

However, HTTPS must establish its connection before any HTTP headers can be sent. Because of this, the server can't know which site the user wants before using the correct cryptographic keys. So every HTTPS site must be on its own IP address.





Want the best answers? Ask the best questions! TANSTAAFL!