Dan Brown wrote:
>
> I don't think it's possible, not with SME nor with any other
> system that uses a single IP for multiple hosts. You'd
> either need to keep the secure part on a single domain, or
> instruct the users to ignore the errors.

That's what I thought was the case. But - is there any merit to looking into modifying the Apache configs to listen on different ports? I found this reference at Apache.org:
-------
"The reason (virtual name-based hosts don't work) is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts. Therefore all the server receives is an SSL request on IP address X and port Y (usually 443). Since the SSL request does not contain any Host: field, the server has no way to decide which SSL virtual host to use. Usually, it will just use the first one it finds that matches the port and IP address.
You can, of course, use Name-Based Virtual Hosting to identify many non-SSL virtual hosts (all on port 80, for example) and then you can have no more than 1 SSL virtual host (on port 443). But if you do this, you must make sure to put the non-SSL port number on the NameVirtualHost directive, e.g.
NameVirtualHost 192.168.1.1:80
Other workaround solutions are:
- Use separate IP addresses for different SSL hosts.
- Use different port numbers for different SSL hosts."
---------
In particular the last workaround - using different ports - would that be extremely difficult in this environment?
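
The last workaround in the quoted Apache text, sketched as an added example that is not part of the original post and is not SME Server's own configuration: one SSL virtual host per port on the shared address. The address 192.168.1.1 comes from the quote; the hostnames, port 8443 and file paths are assumed placeholders.

```apache
# Added example. Hostnames, paths and port 8443 are constructed placeholders.
Listen 80
Listen 443
Listen 8443

# Name-based hosting is declared for the non-SSL port only,
# as the quoted text requires.
NameVirtualHost 192.168.1.1:80

<VirtualHost 192.168.1.1:80>
    ServerName www.example-one.test
    DocumentRoot /var/www/example-one
</VirtualHost>

<VirtualHost 192.168.1.1:80>
    ServerName www.example-two.test
    DocumentRoot /var/www/example-two
</VirtualHost>

# First SSL host: default HTTPS port, its own certificate.
# The server picks this block from IP and port alone, before any
# Host: header has been read.
<VirtualHost 192.168.1.1:443>
    ServerName www.example-one.test
    DocumentRoot /var/www/example-one
    SSLEngine on
    SSLCertificateFile /etc/ssl/example-one.crt
    SSLCertificateKeyFile /etc/ssl/example-one.key
</VirtualHost>

# Second SSL host: same IP, different port, different certificate.
# The port is what tells the two SSL hosts apart.
<VirtualHost 192.168.1.1:8443>
    ServerName www.example-two.test
    DocumentRoot /var/www/example-two
    SSLEngine on
    SSLCertificateFile /etc/ssl/example-two.crt
    SSLCertificateKeyFile /etc/ssl/example-two.key
</VirtualHost>
```

With this layout the second site is only reachable over SSL when the port is given in the URL (https://www.example-two.test:8443/), and any firewall between clients and the server has to allow that port.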