[BlueOnyx:18667] Re: Multiple SSLs under SNI on 5208R

[Michael Stauber]

Hi,

> Could someone clarify how to add multiple SSL certificates on 5208R on 
> the same IP address?

5207R, 5208R and 5209R have SNI working out of the box. So there is no
need to put each SSL enabled sites onto different IP addresses. Instead
you can now enable SSL on as many sites that are on the same IP as you like.

> I'm of the opinion we need seperate certificates for each domain, each 
> uploaded via the admin interface.

Yes, that is the normal way. You can upload the SSL cert for AdmServ
through the GUI. And you can upload the SSL certs for each site(s)
through the GUI. No special tricks needed.

> The problem is that their certificate application process reports that 
> we've already had one for the IP address and refuses to proceed.

Sorry, but then their system sucks. SNI has been around for a while and
with the retirement of Windows XP pretty much any browser out there
should handle SNI. If they have some legacy "certificate application
process" then they've not done their homework. We did ours. ;-)

> Can anyone advise?

If you need SSL certificates, then there are tons of places where you
can get them from. There are cheap SSL certificates available that
usually require one or two intermediates and are just "domain validated"
and for a single domain. They go for around 15 Dollar a year depending
on where you buy them. For general purpose stuff that's often good
enough. For e-commerce you should go for the better certs, though.

Even then I *never* heard that any SSL CA threw a hissy fit about the
IP. The certs are issued for one (or more) domain names. That's the part
that doesn't change. The IP can be changed at any time at your leisure
and is none of their business.

-- 
With best regards

Michael Stauber