据我所知,SSL 被分配给单个域名(可能通过通配符分配给多个子域)。
另一方面,我听说网络服务器在提供 ssl 之前看不到域?
如果我有多个域在一个 IP 地址上作为虚拟主机运行:
问题 1:网络服务器能否为网站提供适当的相应 SSL?
问题 2:有没有办法让一个多域 SSL 在一个 IP 上只服务两个域?
让我摆脱这个看似自相矛盾的引述给我带来的困惑:
Regular SSL Certificates are issued for a single FQDN (Fully Qualified Domain Name). The domain using the certificate has to have its own unique external IP address from which to be served. In practice, this means that if you have multiple domains on a single IP address/server, then you had to install a separate certificate on each domain you wanted to secure.
The reason for this is the use of 'Host-Headers'. They allow a web server to use a single IP address to serve many separate sites with different FQDNs. They do this by identifying the incoming request for a webpage, and routing it to the correct site accordingly.
When an SSL connection is initiated, the server must send a certificate to the client - before it knows the host-header of the request. The only identifying piece of data it has is the requested IP address. As such, two or more sites on one IP address cannot use different SSL certificates....
最佳答案
Q1> Web 服务器不需要知道 SSL 证书中嵌入的域。只有浏览器会这样做,因为它是确保证书中的域与地址栏中的域匹配的浏览器。 Web 服务器只提供绑定(bind)到 IP 地址的证书,而不管证书中的域是什么。
Q2> 您描述的是SAN 或UC 证书。它们旨在执行您所说的操作,即允许多个域在一个 IP 地址上共享一个证书。看看这个 link on Subject alternative names了解更多信息
关于多个域的ssl证书,一个IP,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/7552734/