1

I'm totally new to virtualization, but I was wondering if this is possible.

I know that using multiple SSL certificates on one host is not simply possible (it requires a wildcard SSL certificate or some odd manipulation that apparently doesn't work in every browser).

So, I was thinking about creating multiple virtualized servers, each with its own instance of an Apache or nginx server and a different SSL certificate.

But is this possible?

To be clear, here is a schema:

   Host A (ip: 1.2.3.4)
       Virtual server 1 with NGinx
           For: https://www.example.com (with SSL for www.example.com)
           For: http://www.exp.com

       Virtual server 2 with NGinx
           For: https://www.anotherexample.com (with SSL for www.anotherexample.com)
           For: http://www.anoexp.com
           For: http://www.anoexp2.com

       Etc

What struck me is that, from what I learned, the SSL certificate exchange starts BEFORE the hostname is sent to the server, so the server (virtual or not) doesn't know where to route the request and, as a result, doesn't know which certificate to use.

To be as concise as possible: I'd like to run two distinct HTTPS websites on my one and only server, and I was hoping that was possible using virtualization, but I don't know anything technical about it.

Sorry if I'm not very clear; it's a bit confusing for me too.

Thank you for your help, I appreciate it!

Max Alginin
Cyril N.

3 Answers

4

I think you have a bit of a misunderstanding of a few things.

1) The most widely supported SSL implementations require 1 certificate per IP not per host. You can have a single server with multiple IPs and host different sites on each IP and assign different SSL certs to each without issue.

2) In a virtualized environment, each of your VMs will have a different IP and hostname; they won't share an IP with the host in most circumstances.

All that #2 is doing is taking the long way to #1. If you don't require the logical separation that #2 provides, you should stick with #1.

MDMarra
  • Indeed, I didn't think about having multiple IPs for the same host. It never crossed my mind but well, it's logical :) – Cyril N. Jun 02 '11 at 13:45
1

Yes this is possible with and without virtualization. You're not limited to a single SSL site per server. With traditional technology, you're limited to a single SSL site (one certificate, potentially multiple sites...) per IP address.

SNI is changing that, allowing multiple certificates basically by sending the Host header before negotiating SSL or TLS. It is not widely adopted yet, and you really can't rely on John Public to have the necessary technology (though for internal use you might be able to control the environment enough to make it work reliably).

Chris S
  • SNI! That's what I was referring to! :) Thanks for your reply. The other answer is more detailed for my need, but I upvoted yours for your details about SNI. Thanks! :) – Cyril N. Jun 02 '11 at 13:46
0

It seems you should assign a separate IP address to every HTTPS server, or just use an SSL certificate with several names.

Check this document: http://nginx.org/en/docs/http/configuring_https_servers.html

Sergey