21 Mar 2010, 6:36 a.m.
On 22/03/2010, at 1:32 PM, Quintin Russ wrote:
On 22/03/10 13:28, Nathan Ward wrote:
Yeah you can't do that with SSL, but you can with TLS if you have RFC4366 support with the servername thing.
Off topic, but you actually can have multiple "hostnames" per a single IP but you need to use a wildcard SSL certificate & the cert would need to be on a load balancer or on the same physical server.
You can also set subjectAltName if you want the certificate to cover names where a wildcard is not feasible.

Of course not even TLS+SNI works for an SSL type VPN - you typically want the SSL negotiation to happen at the VPN concentrator because there's some auth that happens based on the certificate that the client presents.

--
Nathan Ward
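
An added illustration of the wildcard versus subjectAltName point made in this thread (not code from either poster): a simplified matcher in the style of RFC 6125 host-name checking, showing which hosts on a shared IP a wildcard alone leaves uncovered. All host names and the function names are constructed for the example.

```python
# Added example: which hostnames a certificate's subjectAltName dNSName
# entries cover. All names below are constructed sample values.

def _match_dns_name(pattern: str, hostname: str) -> bool:
    """Match one dNSName entry against a hostname, case-insensitively.

    A wildcard is honoured only as the complete left-most label and
    stands for exactly one label, so *.example.com covers www.example.com
    but neither example.com nor a.b.example.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected here
    return p_labels == h_labels


def covered_by(san_dns_names, hostname):
    """Return the first SAN entry that covers hostname, or None."""
    for entry in san_dns_names:
        if _match_dns_name(entry, hostname):
            return entry
    return None


def coverage_report(san_dns_names, hostnames):
    """Map each hostname served on the shared IP to the covering entry."""
    return {h: covered_by(san_dns_names, h) for h in hostnames}


# Constructed: sites sharing one IP address behind one certificate.
SITES = ["www.example.com", "example.com", "a.b.example.com", "shop.example.net"]
WILDCARD_ONLY = ["*.example.com"]
WITH_SAN = ["*.example.com", "example.com", "a.b.example.com", "shop.example.net"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY), ("with SAN", WITH_SAN)):
        print(label)
        for host, entry in coverage_report(names, SITES).items():
            print(f"  {host:20} -> {entry or 'NOT COVERED'}")
```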