I was messing around with SSL certificates today trying to get rid of the annoying error message when I logged on to mail.paulmagrath.com. The problem was that I was using the same certificate for www.paulmagrath.com and mail.paulmagrath.com. This certificate had a Common Name of www.paulmagrath.com which, naturally, did not match up with mail.paulmagrath.com.
So, I figured I would just create another SSL certificate for mail.paulmagrath.com with mail.paulmagrath.com as the Common Name.
But, it didn’t work.
After I changed the ssl.conf file, Apache kept using the SSL certificate for www.paulmagrath.com instead of the one for the mail.paulmagrath.com.
After some expression of my frustration, I turned to Google. :-)
Google revealed that Apache only supports one SSL certificate per IP address. Seems to be a pretty stupid limitation of the SSL protocol rather than the way Apache implements it. Hopefully someone will fix it soon but for now the best workaround seems to be to use a wildcard SSL certificate.
So, I am now using a certificate with a Common Name of *.paulmagrath.com for all the subdomains. (Yes, all two of them)