[wp-hackers] SSL Domain Mapping with WP Multisite

Doug Stewart zamoose at gmail.com
Mon Jun 4 15:01:40 UTC 2012


Not true. SNI (which has some problems under older IEs) has made
multiple SSL certs on one IP possible:
http://en.wikipedia.org/wiki/Server_Name_Indication

On Mon, Jun 4, 2012 at 10:55 AM, Brian Layman
<wp-hackers at thecodecave.com> wrote:
> Here's the issue: in order to have completely secure communication, Apache
> only uses the IP address/port of inbound communication to identify the
> traffic destination and send the correct certificate and begin encryption.
>
> So if you are hosting multiple sites on the same IP address, Apache won't
> know which certificate to send.  Apache will do the only thing it can and
> send the first/default certificate for that IP in order to try to be secure.
>  If you have dozens of sites, chances are the communication isn't for the
> first vhost you have configured and so the certificate will be wrong.
>
> However once you understand what it is doing, it allows you to get around
> the problem and serve multiple secure domains using vhost.  What you MUST do
> is configure your certificate to validate for all of the domains (straight
> domain and www or *) that will be served under that IP address.  You can
> configure a certificate for any number of sites, but I've been told to limit
> it to a couple dozen to be practical - you never know how the client/browser
> will handle a large number of sites in a certificate.
>
> If you have more than a couple dozen sites, then serve the remaining sites
> under a different IP address with another certificate for the next dozen or
> two sites.  Creating this many certificates could become expensive, so I
> recommend that you get certified through StartSSL.com and become your own
> notary in order to issue your own certificates, as I have.
>
> Apache will yell at you that you've configured your sites incorrectly; in
> most cases that would be true. It's unusual for a certificate to span
> multiple sites and a new release of Apache could change this behaviour.
>  However: Yes, I have done it and that's how I did it.
>
> Brian Layman
>
>
>
> On 6/4/2012 9:40 AM, SWORD Studios wrote:
>>
>> I'm looking to host a couple hundred sites on a WordPress Multisite
>> Network.  Each site will have its own mapped domain.  I've done all this
>> many many times.
>>
>> My new issue is that about a dozen of these sites need SSL to be compliant
>> (with their industry manufacturers).  I'm having some real issues
>> accomplishing https://domain.com as a mapped domain to these sites.
>>  Everything I've read (some links below) makes it seem possible as long as
>> you are using SNI or a WildCard SSL to support multiple ssl's on the same
>> IP.
>>
>> I'm looking for a real solution to this problem.  I've spent hours reading
>> many forum posts, articles, tutorials and everything seems to be
>> theoretical.  I have yet to see anyone actually say "Yes I've done this and
>> this is how I did it."   Has anyone actually accomplished this task?    If
>> not, can anyone provide me with instructions on how to move forward?
>>
>> Thank you in advance for any help.
>>
>>
>> http://wordpress.org/support/topic/plugin-wordpress-mu-domain-mapping-ssl-and-mapped-domain
>>
>>
>> http://wordpress.org/support/topic/plugin-wordpress-mu-domain-mapping-ssl-with-mapped-domain
>>
>> http://lists.automattic.com/pipermail/wp-hackers/2011-August/040649.html
>>
>> Jesse
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers



-- 
-Doug
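
The SNI approach named in the reply above, written out as an Apache 2.2 configuration. This is an added example, not configuration from either poster. It assumes Apache 2.2.12 or later with mod_ssl already loaded and listening on port 443; the host names, document root and certificate paths are constructed placeholders.

```apache
# Added example: name-based TLS virtual hosts selected via SNI.
# All names and paths below are constructed placeholders.

# Required on Apache 2.2 for name-based vhosts; not needed from 2.4 on.
NameVirtualHost *:443

# The first vhost on an address/port is the default. A client that sends
# no SNI extension is matched here and receives this certificate.
<VirtualHost *:443>
    ServerName network.example.com
    DocumentRoot /var/www/wordpress
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/network.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/network.example.com.key

    # Set in the default vhost, this refuses SNI-unaware clients for every
    # name-based vhost on this address/port, rather than serving them
    # content behind a certificate issued for a different name.
    # Trade-off: clients without SNI support are locked out entirely.
    SSLStrictSNIVHostCheck on
</VirtualHost>

# One block per mapped domain that needs HTTPS, each with its own
# certificate. Every block points at the same multisite DocumentRoot.
<VirtualHost *:443>
    ServerName shop.example.org
    ServerAlias www.shop.example.org
    DocumentRoot /var/www/wordpress
    SSLEngine on
    # This certificate must list both names given above.
    SSLCertificateFile    /etc/ssl/certs/shop.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.org.key
</VirtualHost>
```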

