Comments on: Setting up multiple SSL domains on Amazon EC2 (one IP/Port)

By: Tom

Tom — Fri, 23 Oct 2009 08:40:40 +0000

Chris: hackers doing reconnaissance.

By: Mark

Mark — Fri, 24 Jul 2009 23:17:17 +0000

Maybe you can comment if this ho-to could be considered to be the recommended method of using multiple certs??

Disclaimer: I haven’t tried this on EC2 yet – I’m in the middle of another task – but this is an itch I think I will have.
In case it does work or lead to something that does….

It would be useful if anyone can confirm this ‘cookbook’ provides the recommended method

http://www.ehow.com/video_5204262_configure-server-name-indication-sni.html

Summary: Running multiple SSL virtual hosts on a single IPaddress has been a problem in the web hosting realm over the years.This becomes even more of a problem in the age of cloud computing. Thisarticle describes exactly how to configure a common web server scenario(Linux, Openssl, Nginx) to support multiple SSL virtual hosts on asingle IP address.

By: Miles

Miles — Thu, 09 Apr 2009 06:44:25 +0000

I’m sure this is all well and good for ISPConfig, but the assumption that you can have multiple name based vhosts for the same IP using ssl is just false. Apache will take the first ssl vhost for an IP and ignore all the others for the same IP. The main reason for this is that the header is encrypted when the packets are received. It is only after they have been processed by a vhost and decrypted that you even get to see what domain was referenced in the header. Now there are hacks out there that use mod_rewrite to accomplish this, but someone needs to update the article so people aren’t being given miss information.

By: Murat Ayfer

Murat Ayfer — Thu, 20 Nov 2008 00:18:05 +0000

Brandon:

digicert’s UCC certificates are pretty painless, and as far as i know, you only have to validate your new domain, but i’m not 100% sure. digicert has good customer support, i usually contact them through the web chat they have on their site. they usually respond pretty fast, so i recommend doing that if you need to know for sure.

Ralph:

i just downloaded version 2.2.27, and yes, it seems that they have totally changed that bit of code. have you tried adding multiple SSL sites without hacking ISPConfig in case they just got rid of that restriction?

i don’t exactly know how this version can be modified. i’ll let you know if i find a solution.

By: Ralph Manning

Ralph Manning — Fri, 14 Nov 2008 04:45:06 +0000

Hi!

We seem to have a problem (we think) when trying to configure this solution.

Ww are unable to find the code in section 2 of step 3, where you say to comment out ‘$ssl_count = $go_api->db->queryOneRecord(“SELECT count(doc_id) as ssl_co …’.

As your article was posted 5 months ago, and ISPConfig has released a new 2x update (2.2.27, is it possible that they responded to your article and removed the code themselves?

Thanks for your help, and expeditious reply!

Have a nice day!

Ralph