同一 IP 地址和同一埠上的多個 SSL 域？

這是關於在同一 IP 上託管多個 SSL 網站的規範問題。

我的印像是每個 SSL 證書都需要它自己唯一的 IP 地址/埠組合。但是我發布的上一個問題的答案與這種說法不一致。

使用來自該問題的資訊，我能夠獲得多個 SSL 證書以在相同的 IP 地址和埠 443 上工作。鑑於上述假設並被其他人強調每個 SSL 域網站在同一台伺服器需要自己的 IP/埠。

我懷疑我做錯了什麼。可以這樣使用多個 SSL 證書嗎？

有關 Apache 和 SNI 的最新資訊，包括其他 HTTP-Specific RFC，請參閱Apache Wiki

---

僅供參考：TLS 升級的魔力為您帶來“一個 IP 上的多個（不同）SSL 證書”。它適用於較新的 Apache 伺服器 (2.2.x) 和相當新的瀏覽器（不知道我腦海中的版本）。

RFC 2817（在 HTTP/1.1 中升級到 TLS）有血淋淋的細節，但基本上它適用於很多人（如果不是大多數人的話）。不過，您可以使用 openssl 的命令（或任何“足夠老的”瀏覽器）
重現舊的時髦行為。s_client

編輯添加：顯然curl可以比openssl更好地向您展示這裡發生的事情：

---

SSLv3

mikeg@flexo% curl -v -v -v -3 https://www.yummyskin.com
* About to connect() to www.yummyskin.com port 443 (#0)
*   Trying 69.164.214.79... connected
* Connected to www.yummyskin.com (69.164.214.79) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
 CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: serialNumber=wq8O9mhOSp9fY9JcmaJUrFNWWrANURzJ; C=CA; 
             O=staging.bossystem.org; OU=GT07932874;
             OU=See www.rapidssl.com/resources/cps (c)10;
             OU=Domain Control Validated - RapidSSL(R);
             CN=staging.bossystem.org
*    start date: 2010-02-03 18:53:53 GMT
*    expire date: 2011-02-06 13:21:08 GMT
* SSL: certificate subject name 'staging.bossystem.org'
      does not match target host name 'www.yummyskin.com'
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name 'staging.bossystem.org'
does not match target host name 'www.yummyskin.com'

---

TLSv1

mikeg@flexo% curl -v -v -v -1 https://www.yummyskin.com
* About to connect() to www.yummyskin.com port 443 (#0)
*   Trying 69.164.214.79... connected
* Connected to www.yummyskin.com (69.164.214.79) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
 CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: C=CA; O=www.yummyskin.com; OU=GT13670640;
             OU=See www.rapidssl.com/resources/cps (c)09;
             OU=Domain Control Validated - RapidSSL(R);
             CN=www.yummyskin.com
*    start date: 2009-04-24 15:48:15 GMT
*    expire date: 2010-04-25 15:48:15 GMT
*    common name: www.yummyskin.com (matched)
*    issuer: C=US; O=Equifax Secure Inc.; CN=Equifax Secure Global eBusiness CA-1
*    SSL certificate verify ok.

引用自：https://serverfault.com/questions/109800