Multiple Domains (with SSL), one site?

Discussion in 'General' started by AlArenal, Jul 30, 2009.

  1. AlArenal

    AlArenal New Member


    By client request I need a config tool that allows multiple domains (some secured by SSL certificate) to point to the same site, where they are served by a single Drupal multisite installation. Also mail addresses and boxes have to be managed per domain, not per web.

    I have to admit, that I have not worked with ISPC3 by now. All my current servers use ISPC2.

  2. NdK

    NdK Member

    Having multiple SSL certificates is a real pain. And it's quite slow! Don't do it -- tell the client that it costs too much :) (if he asks HOW much, tell him at least 20 times what you'd ask for a "normal" one).

    The only way the server have to know which site the user is trying to access is trying ALL the certificates (using the private keys). *UNLESS* your client accepts to have an explicit port number in the URL. Or you have access to a different IP for every SSL certificate and then redirect to the same virtual host.

    I did it some years ago and wouldn't do it again.
  3. AlArenal

    AlArenal New Member

    Hm.. I've been told that the installation currently holds five sites of which two are secured by SSL. Would you say in such a rather slim use-case the performance penalty would be significant, too?

    Also, coming back to my original question, can such a setup be implemented with ISPC3 out of the box?
  4. NdK

    NdK Member

    It's a 100% impact on performance -- every SSL request takes about twice the time it would take on a single-certificate config.

    Sorry, I can't answer to this... I just started using ISPConfig (less than a week!).
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess a multidomain certificate should work for this.
  6. NdK

    NdK Member

    IIUC multidomain certificates just "group" many domains in a single certificate.

    They could be good if you already have the whole domains list when you get your certificate signed by the CA. The only alternative (if you have domains that often come&go) could be a certificate bound to the IP address...

Share This Page