On Tue, Oct 22, 2013 at 10:08 AM, Chris Gordon <cgor...@aires.com> wrote:
> To answer your questions: > *"Doesn't the SSLCertificate parameter for each VH say which cert to use*? > > > Yes, but how does Apache know which VH to get the cert from until it has > used a cert to decrypt the SSL? It just used the first cert in this case. > IP Bases will get you around this. I said chicken - egg because Apache > needs to read a header to know what VH to use but it can't read the header > until it picks a vhost and uses the cert to decrypt the message. > > As I already pointed out, this is not correct. SNI > support<http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI> has been included in Apache for years as have most browsers (except Windows XP). - Y
