Thread: https ?
#8
05-03-2004, 04:10 PM
mistwang
LiteSpeed Staff
Quote:
That is true about the multiple ssl hosts in apache. My problem occurs because I am natting 1 real address to multiple internals. Because of the chicken and egg scenario with ssl I cannot do named virtuals on the apache server with ssl (only ip based virtuals) so I need a method that will forward the request based on the host headers. The method I came up with was to use squid in reverse mode.
I am confused. :?
Are you talking about having squid listen on port 443 only and dispatch SSL requests to a NATed internal address based on the host header in the encrypted request header? Or having squid listen on multiple ports, with each port associated with one backend virtual host?

If it is the former, I must be missing something, because I think it is impossible for squid to decrypt the request with the right SSL private key in order to know the content of the host header.

If it is the latter, why not have the backend Apache listen on those ports directly?

Quote:
So are you telling me I can use your webserver and have multiple named ssl virtuals? If I can you have an instant sale.
A unique IP:PORT combination must be assigned for each SSL certificate. It is impossible to do name-based SSL virtual hosting, as the SSL handshake is the first step and the host header is not available yet.
With one IP, you can use a different port for a different SSL certificate, though.
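A check for the rule stated in the post above, as an added example that is not part of the original thread or of LiteSpeed's code: it flags any IP:PORT asked to serve more than one certificate and moves the extra certificates to unused ports on the same IP. The hostnames, addresses, certificate file names and the `first_free_port` starting value are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample plan: (vhost name, listen IP, listen port, certificate file)
VHOSTS = [
    ("shop.example.com", "192.0.2.10", 443, "shop.pem"),
    ("mail.example.com", "192.0.2.10", 443, "mail.pem"),   # second cert on the same IP:PORT
    ("www.example.com", "192.0.2.10", 443, "shop.pem"),    # shares shop's certificate
    ("wiki.example.com", "192.0.2.10", 8443, "wiki.pem"),  # same IP, its own port
    ("docs.example.com", "192.0.2.11", 443, "docs.pem"),   # its own IP
]


def find_conflicts(vhosts):
    """Return {(ip, port): sorted certs} for listeners asked to serve more than one certificate."""
    certs = defaultdict(set)
    for _name, ip, port, cert in vhosts:
        certs[(ip, port)].add(cert)
    return {ep: sorted(c) for ep, c in certs.items() if len(c) > 1}


def reassign_ports(vhosts, first_free_port=8443):
    """Give each extra certificate its own unused port on the same IP.

    The first certificate seen on an IP:PORT keeps that listener; vhosts that
    share a relocated certificate are moved together to the same new port.
    """
    owner = {}
    for _name, ip, port, cert in vhosts:       # pass 1: record who keeps each listener
        owner.setdefault((ip, port), cert)
    moved, plan = {}, []
    for name, ip, port, cert in vhosts:        # pass 2: relocate the other certificates
        if owner[(ip, port)] != cert:
            if (ip, cert) not in moved:
                new_port = first_free_port
                while (ip, new_port) in owner:  # skip ports already taken on this IP
                    new_port += 1
                owner[(ip, new_port)] = cert
                moved[(ip, cert)] = new_port
            port = moved[(ip, cert)]
        plan.append((name, ip, port, cert))
    return plan


if __name__ == "__main__":
    for (ip, port), certs in find_conflicts(VHOSTS).items():
        print(f"{ip}:{port} is asked to serve {len(certs)} certificates: {', '.join(certs)}")
    for name, ip, port, cert in reassign_ports(VHOSTS):
        print(f"{name:18} {ip}:{port}  {cert}")
```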