HTTPS for multiple domains
aT <pakistan(at)gmail.com>
2007-09-03 12:44:44
Hi,
I use pound as a redirector to serve multiple sites each running on the
same internal IP with different ports as backends, pound listens to the
public IP and sends the HTTP request to proper backends based on http
request. Now some of my domains require https.
Do I need to purchase certificates for each domain I am running on my
server?
Is there a way I purchase only one certificate, use it in pound and then
all https requests for all the domains are served through this https enabled
backend?
How am I supposed to provide https for all of my domains being served by
pound?
Regards
--
Syed Atif Ali
D. +971 4 3911914
F. +971 4 3911915
___________________________________________
Give a man a match, and he'll be warm for a minute, but set him on fire, and
he'll be warm for the rest of his life.
Re: [Pound Mailing List] HTTPS for multiple domains
Michal Taborsky - Internet Mall <michal.taborsky(at)mall.cz>
2007-09-03 15:35:03
aT wrote:
> Do I need to purchase certificates for each domain I am running on my
> server?
Yes. At least, for every 2nd level domain. You can use a "wildcard"
certificate for *.yourdomain.com and it will be valid for
www.yourdomain.com and another.yourdomain.com. But you cannot use it for
www.otherdomain.com.
> How am I supposed to provide https for all of my domains being served by
> pound?
Unfortunately, it is not a pound related problem. The "problem" is with
HTTPS itself. The verification and encryption stuff happens BEFORE the
request (containing the virtual hostname) is sent, and therefore, you
are always limited to one certificate (and one domain) per IP address.
Of course, your server can have more IP addresses and you can define
several HTTPS listeners, each bound to one IP and each having its
separate certificate.
Hope this helps.
--
Michal Táborský
chief systems architect
Internet Mall, a.s.
<http://www.MALL.cz>
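
The multi-listener layout described in the reply above, sketched as a Pound configuration. This is an added example, not part of the original post; the 192.0.2.x public addresses, the 10.0.0.5 backend address, the ports, the certificate paths and the domain names are all placeholders.

```conf
# Added example: one ListenHTTPS block per public IP, each with its own
# certificate. Every address, port, path and hostname is a placeholder.
# Each Cert file is a PEM file holding the certificate and its private key.

# Listener 1: a wildcard certificate for *.yourdomain.com covers both
# www.yourdomain.com and another.yourdomain.com on the same IP.
ListenHTTPS
    Address 192.0.2.10
    Port    443
    Cert    "/etc/pound/certs/wildcard.yourdomain.com.pem"

    Service
        HeadRequire "Host:.*www.yourdomain.com.*"
        BackEnd
            Address 10.0.0.5
            Port    8081
        End
    End

    Service
        HeadRequire "Host:.*another.yourdomain.com.*"
        BackEnd
            Address 10.0.0.5
            Port    8082
        End
    End
End

# Listener 2: www.otherdomain.com needs a different certificate, and the
# certificate is presented before the Host header arrives, so it gets
# its own public IP and its own listener.
ListenHTTPS
    Address 192.0.2.11
    Port    443
    Cert    "/etc/pound/certs/www.otherdomain.com.pem"

    Service
        HeadRequire "Host:.*www.otherdomain.com.*"
        BackEnd
            Address 10.0.0.5
            Port    8083
        End
    End
End
```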
Re: [Pound Mailing List] HTTPS for multiple domains
Kenneth Burgener <kenneth(at)mail1.ttak.org>
2007-09-03 16:05:00
Michal Taborsky - Internet Mall wrote:
>> How am I supposed to provide https for all of my domains being served by
>> pound?
>
> Unfortunately, it is not a pound related problem. The "problem" is with
> HTTPS itself. The verification and encryption stuff happens BEFORE the
> request (containing the virtual hostname) is sent, and therefore, you
> are always limited to one certificate (and one domain) per IP address.
> Of course, your server can have more IP addresses and you can define
> several HTTPS listeners, each bound to one IP and each having its
> separate certificate.
>
> Hope this helps.
It isn't pretty, but an alternative solution would be to create your own
self-signed certificate for a generic wildcard domain of just "*", which
would then cover ANY domain you host, but all of the clients visiting
this site would receive a notice that it wasn't signed by a known CA.
Re: [Pound Mailing List] HTTPS for multiple domains
Jimmy Brake <jimmy(at)dwalliance.com>
2007-09-04 05:37:40
We use rapidssl.com (as a reseller) ... fast, cheap and I have never had
a complaint about the cert not working in a browser.
Michal Taborsky - Internet Mall wrote:
> aT wrote:
>> Do I need to purchase certificates for each domain I am running on my
>> server?
>
> Yes. At least, for every 2nd level domain. You can use a "wildcard"
> certificate for *.yourdomain.com and it will be valid for
> www.yourdomain.com and another.yourdomain.com. But you cannot use it
> for www.otherdomain.com.
>
>> How am I supposed to provide https for all of my domains being served
>> by pound?
>
> Unfortunately, it is not a pound related problem. The "problem" is
> with HTTPS itself. The verification and encryption stuff happens
> BEFORE the request (containing the virtual hostname) is sent, and
> therefore, you are always limited to one certificate (and one domain)
> per IP address. Of course, your server can have more IP addresses and
> you can define several HTTPS listeners, each bound to one IP and each
> having its separate certificate.
>
> Hope this helps.
>
--
Jimmy Brake
DW Alliance LLC
jimmy(at)dwalliance.com
510 903 0644
Making Web Solutions Easy for Business
http://www.dwalliance.com