SSL Certificates

Having first encounters with the dirtier side of HTTPS – installing certificates on the server side.

Apache has quite comprehensive documentation and FAQ on how to do this. Not too much of a hassle, if you’re used to dabbling in this kinda stew.

What I missed before I actually went and bought a certificate is that, as far as I can tell, one IP = one domain.

That kinda sucks – see, I only have one IP (for the moment) and my first client needs a cert – which I installed. So now, I won’t be able to set my own cert until I get myself my own IP.

(which means I have to factor renting an IP in my price when selling certificates, but that’s another topic)

Why? Well, here’s the reader’s digest on how I understand it: SSL kicks in before HTTP does. So we negotiate a secure connection before we get to know what domain name we’re going to (the domain name is part of the HTTP request, which only arrives once the secure connection is up).

Therefore, you can only bind on an IP.

Ergo, there can be no different domain names bound under the same IP (except, of course, if you’re willing to use a port other than the standard 443).

Ergo, you’re screwed. You need multiple IPs.
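To make the ordering concrete, here is an added example (my own, not from the post or from Apache) that builds and parses the first thing a TLS client sends, the ClientHello. Everything the server can use to pick a certificate has to be in that message, because the HTTP request with its Host header is only sent inside the encrypted channel that the handshake sets up. The example goes a little beyond the post: it also shows the `server_name` (SNI) extension, the one place in the ClientHello where a client can announce the hostname it wants. The bytes are constructed in the script, not captured from a real connection.

```python
"""Build and parse a minimal TLS ClientHello to show what a server knows
before any HTTP request is readable. Constructed example, not captured traffic."""
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16       # record content type: handshake
CLIENT_HELLO = 0x01        # handshake message type
EXT_SERVER_NAME = 0x0000   # extension type for server_name (SNI)


def build_client_hello(server_name: Optional[str] = None) -> bytes:
    """Return one TLS record holding a syntactically valid ClientHello.

    With server_name=None the message carries no extensions block at all,
    which is what an old client that never heard of SNI sends; the server
    then has nothing but the destination IP to choose a certificate with.
    """
    body = b"\x03\x03"                         # client_version: TLS 1.2
    body += b"\x11" * 32                       # client random (constructed filler)
    body += b"\x00"                            # session_id length: 0
    body += struct.pack("!H", 2) + b"\xc0\x2f" # one cipher suite offered
    body += b"\x01\x00"                        # compression methods: null only
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
        body += struct.pack("!H", len(ext)) + ext
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Parse a ClientHello record; return the SNI hostname or None if absent.

    Raises ValueError on anything that is not a ClientHello, so a caller can
    distinguish 'client sent no name' from 'this is not a handshake'.
    """
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:
        raise ValueError("truncated ClientHello")

    pos = 2 + 32                                   # skip client_version and random
    sid_len = body[pos]; pos += 1 + sid_len        # session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2 + cs_len   # cipher_suites
    cm_len = body[pos]; pos += 1 + cm_len          # compression_methods
    if pos >= len(body):
        return None                                # legacy hello: no extensions at all

    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        ext_type, ext_size = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + ext_size]; pos += ext_size
        if ext_type != EXT_SERVER_NAME or len(data) < 2:
            continue
        list_len = struct.unpack("!H", data[0:2])[0]
        q, list_end = 2, min(2 + list_len, len(data))
        while q + 3 <= list_end:
            name_type = data[q]
            name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
            q += 3
            if name_type == 0:                     # host_name entry
                return data[q:q + name_len].decode("idna")
            q += name_len
    return None


if __name__ == "__main__":
    # Constructed hostnames; nothing here is resolved or connected to.
    for name in ("client-one.example", None):
        hello = build_client_hello(name)
        print(f"SNI in ClientHello: {extract_sni(hello)!r}")
```

In the second case the parser returns `None`: the server has received a complete handshake opening and still has no idea which domain the browser typed, which is exactly why a certificate ends up bound to an IP address rather than to a name. When the extension is present, a server can use it to select a certificate before the handshake completes; when it is absent, it can only fall back to whatever certificate is configured for that IP.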

I’ve kinda heard something about “multiple domain certificates”. Is it an urban legend? To my understanding, it’d allow for adding a wildcard on subdomains (like *.mydomainnamesucks.org). Not for two different base domain names.
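As an added example (my own code, not from the post), here is the name-matching rule a client applies when it checks a certificate against the hostname it asked for, written out so the wildcard question can be tested rather than guessed at. It follows the usual rule that a `*` may only stand for one whole leftmost label. It goes one step past the post by also covering a certificate that lists several names outright, which is what a multi-domain certificate does; the certificate names and hostnames below are constructed, not real deployments.

```python
"""Hostname-to-certificate matching, including wildcards and multi-name certificates.
Added example with constructed names; not the post's or Apache's code."""
from typing import Dict, Iterable, List, Set


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly '*.example') covers hostname.

    Rules applied (the common client behaviour):
      - comparison is case-insensitive and ignores a trailing dot
      - a wildcard must be the entire leftmost label ('*.x.y', not 'w*.x.y')
      - a wildcard matches exactly one label: '*.x.y' covers 'a.x.y',
        but not 'x.y' and not 'b.a.x.y'
      - a wildcard needs at least two labels after it, so '*.org' never matches
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_covers(cert_names: Iterable[str], hostname: str) -> bool:
    """True if any name carried by the certificate covers the hostname."""
    return any(hostname_matches(name, hostname) for name in cert_names)


def uncovered_hosts(cert_names: Iterable[str], hostnames: Iterable[str]) -> Set[str]:
    """Which of the hostnames you intend to serve would fail validation."""
    names: List[str] = list(cert_names)
    return {h for h in hostnames if not cert_covers(names, h)}


if __name__ == "__main__":
    # Constructed certificates: a wildcard one and a multi-name one.
    certs: Dict[str, List[str]] = {
        "wildcard": ["*.mydomainnamesucks.org"],
        "multi-name": ["mydomainnamesucks.org", "www.mydomainnamesucks.org",
                       "client-one.example", "www.client-one.example"],
    }
    wanted = ["www.mydomainnamesucks.org", "mydomainnamesucks.org",
              "deep.www.mydomainnamesucks.org", "www.client-one.example"]
    for label, names in certs.items():
        print(f"{label}: not covered -> {sorted(uncovered_hosts(names, wanted))}")
```

Running it shows the two halves of the answer. The wildcard certificate covers `www.mydomainnamesucks.org` but leaves the bare domain, anything two levels deep, and the other client's domain uncovered, so on its own it does nothing for two different base names. A certificate that simply lists every name it should serve covers both bases; whether a server on a single IP can pick it per request is the separate handshake problem above, and the matching rule here is what the browser checks once a certificate has been chosen.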

Of course, I beg to be wrong.