2

We run CentOS, Plesk with Apache and PHP, MySQL. There are around 25 sites and each of them needs an SSL certificate now. The host cannot have more than 16 IPs on the same server. Is it possible to have all these sites use just one IP address and have an SSL certificate set up for each site?

If yes, please let me know how I can set this up.

Thanks

3 Answers

4

You can do it with SNI technology (http://en.wikipedia.org/wiki/Server_Name_Indication), but it doesn't work with all the available browsers. Check if your clients and your servers support it. For example, Apache on Debian Lenny does not support it.

3
  • So do we need 25 IP addresses to reliably have 25 SSL certificate enabled websites? Commented May 17, 2010 at 16:34
  • Don't cry, but yes. Except if all the sites are from the same (sub-)domain and you can have a certificate for all the sites of this subdomain. It is named a wildcard certificate. Commented May 17, 2010 at 16:55
  • You don't necessarily need 25 IP addresses... Another alternative (and one supported by most browsers) is to use a certificate with multiple Subject Alternative Names (SANs), sometimes referred to as a Unified Communications (UC) certificate (Exchange 2007 and 2010 use them to support UC). Unlike a wildcard certificate, a SAN certificate would allow you to support multiple root domains (e.g. www.foo.com and www.bar.com). SAN certs are available from several trusted CAs (e.g. DigiCert at a reasonable cost; even free ones from StartCom... see startssl.com). Commented Jun 3, 2010 at 19:01
2

Most things in the other answer are correct.

However, with Debian Lenny it IS possible to implement SNI (on the server side!) - but be aware of the fact that this is experimental. You have to use libapache2-mod-gnutls which uses GnuTLS instead of OpenSSL. For an example see: http://www.der-eremit.de/ssl-enabled-name-based-virtual-hosts-with-mod_gnutls/

1
  • Note that at the moment, Parallels doesn't officially support SNI on their Plesk system. I'm sure with some elbow grease and custom Apache / OpenSSL compiling, you can make it work. Commented Jun 19, 2010 at 2:27
0

If you cannot do SNI or similar configurations, keep in mind that you can have 25 sites on a single IP address with their 25 separate certificates. You need to make your 25 SSL (HTTPS) servers listen on 25 different ports and have your HTTP listener redirect to the corresponding HTTPS server using mod_rewrite for each virtual host.

2
  • Then, also keep in mind that this way it is not possible to directly visit yourdomain.com (ok, one of them that is on port 443 will work) and that corporate firewalls often block outgoing traffic not on port 80 or 443. Commented Mar 7, 2011 at 17:52
  • Just a clarification in the comment above because the SF editor crunched it: You cannot visit directly https :// yourdomain.com. In such cases have the server listening on port 443 redirect to a directory containing links to the 25 servers. Commented Mar 7, 2011 at 18:28
