Wait, before you say to yourself that it's impossible to use Name Based SSL Virtual Hosting and that you have to use IP Based SSL Virtual Hosting checkout this link:


It turns out that there is an undocumented (or poorly documented) extension to the SSL protocol called Server Name Indication.

The solution is an extension to the SSL protocol called Server Name Indication (RFC 4366), which allows the client to include the requested hostname in the first message of its SSL handshake (connection setup). This allows the server to determine the correct named virtual host for the request and set the connection up accordingly from the start.

With SNI, you can have many virtual hosts sharing the same IP address and port, and each one can have its own unique certificate (and the rest of the configuration).

Of course there is a gotcha – your clients need to be running a modern browser (no IE6), but really who cares? This is just too awesome to pass up.