Re: ssl branch compile problems

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 12 Feb 2001 23:57:42 +0100

Robert Collins wrote:

> > Note: Due to the way SSL works, only one visible certificate/domain can
> > be supported per ip:port. The SSL handshake is taking place before it is
> > known which domain name the user has requested.
>
> So do most server farms use one SSL certificate per host, rather than
> signing per domain?

Well.. one accelerator/server might be for several domains, even if
there is actually only one server involved. An example is

  www.example.com
  www.example.se
  www.example.net
  www.example.co.uk

This requires 4 certificates, on 4 different IP addresses.

In the case I have been involved in, they planned on building an accelerator
listening on three domains, and splitting the content on URL-path
between a number of backend servers. Unfortunately this was before the
SSL patch to Squid so they had to look for some other solution.

/Henrik
Received on Mon Feb 12 2001 - 16:37:32 MST
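
The constraint discussed in this message, modelled as a small configuration audit. This is an added example, not part of the original message and not Squid code. The `Listener` type, the function names and the 192.0.2.x addresses are constructed for illustration.

```python
from collections import namedtuple

# One SSL listener: a local ip:port and the single certificate bound to it.
Listener = namedtuple("Listener", "ip port cert_domain")

def certificate_for(listeners, ip, port):
    """Pick the certificate the way the handshake must: from the local
    ip:port alone, because the requested domain is not known yet."""
    matches = [l for l in listeners if (l.ip, l.port) == (ip, port)]
    if len(matches) > 1:
        raise ValueError("%s:%d has %d certificates configured, only one "
                         "can be presented" % (ip, port, len(matches)))
    return matches[0].cert_domain if matches else None

def audit(listeners, dns, port=443):
    """Return {domain: problem} for every domain whose clients would be
    shown a certificate that does not name the domain they asked for."""
    problems = {}
    for domain, ip in dns.items():
        try:
            presented = certificate_for(listeners, ip, port)
        except ValueError as exc:
            problems[domain] = str(exc)
            continue
        if presented is None:
            problems[domain] = "no SSL listener on %s:%d" % (ip, port)
        elif presented != domain.lower():
            problems[domain] = ("%s:%d presents the certificate for %s"
                                % (ip, port, presented))
    return problems

# Constructed sample data (documentation address range 192.0.2.0/24).
DOMAINS = ["www.example.com", "www.example.se",
           "www.example.net", "www.example.co.uk"]

# All four domains resolve to one address that holds one certificate.
SHARED_DNS = {d: "192.0.2.10" for d in DOMAINS}
SHARED = [Listener("192.0.2.10", 443, "www.example.com")]

# The layout from the message: 4 certificates on 4 different IP addresses.
SEPARATE_DNS = {d: "192.0.2.%d" % (10 + i) for i, d in enumerate(DOMAINS)}
SEPARATE = [Listener(ip, 443, d) for d, ip in SEPARATE_DNS.items()]

if __name__ == "__main__":
    for name, problem in sorted(audit(SHARED, SHARED_DNS).items()):
        print(name, "->", problem)
    print("separate IPs:", audit(SEPARATE, SEPARATE_DNS) or "no mismatches")
```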