Robert Collins wrote:
> > Note: Due to the way SSL works, only one visible certificate/domain can
> > be supported per ip:port. The SSL handshake is taking place before it is
> > known which domain name the user has requested.
>
> So do most server farms use one SSL certificate per host, rather than
> signing per domain?

Well.. one accelerator/server might be for several domains, even if
there is actually only one server involved. An example is
www.example.com
www.example.se
www.example.net
www.example.co.uk
This requires 4 certificates, on 4 different IP addresses.
In the case I have been involved in, they planned on building an accelerator
listening on three domains, and splitting the content on URL-path
between a number of backend servers. Unfortunately this was before the
SSL patch to Squid so they had to look for some other solution.
/Henrik
Received on Mon Feb 12 2001 - 16:37:32 MST