How can IHS be configured for multiple SSL certificates (multiple domains) using one IP address only?
You may have the need to secure two or more different domains with SSL, but utilize a single IP address. Thus, you make use of a single (one) IP address for multiple domains with individual SSL certificates. That would mean, for example, www.abc.com would use IP_Address_1 and www.xyz.com using the same IP_Adddress_1 as well.
Multiple SSL certificates using only one IP address is not supported in IHS which is Apache based.
Apache explains the reason for this limitation in this way:
The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established mod_ssl has to negotiate the SSL protocol parameters with the client. For this, mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to go to the correct virtual server, the web server has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to complete the SSL handshake phase.
There is a supported alternate option called SAN (Subject Alternative Name). It is intended to map multiple hostnames to one IP address. Refer "Related URL" section below for instructions.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.