UPDATE: 2013

更新：2013

It appears that SNI is finally beginning take hold as older browsers are falling away. Here are the docs for Apache SNIand here is a wikipedia article on SNIthat includes a chart on browsers that support it. In short, all the major browsers support it in supported versions; if supporting older browsers is important, you may have to take that into consideration.

随着旧浏览器的淘汰，SNI 似乎终于开始站稳脚跟。这里是Apache SNI的文档，这里是关于 SNI的维基百科文章，其中包括支持它的浏览器的图表。简而言之，所有主流浏览器都在支持的版本中支持它；如果支持旧浏览器很重要，您可能必须考虑到这一点。

------ previous answer ------------

------ 之前的回答--------------

SSL Hosts must be tied to a unique IP address/port combination, thus you cannot use virtual hosting (Or at least, it can only have one ssl host per IP address). This is due to the fact that https begins encryption before the Host: parameter is sent in http, and thus it cannot determine which cipher to use from the hostname - all it has is the IP address.

SSL 主机必须绑定到唯一的 IP 地址/端口组合，因此您不能使用虚拟主机（或者至少，每个 IP 地址只能有一个 ssl 主机）。这是因为 https 在 Host: 参数在 http 中发送之前开始加密，因此它无法根据主机名确定使用哪种密码 - 它只有 IP 地址。

This would be silly easy to fix if HTTP had a TLS command so it could start SSL after asking for the hostname, but no one asked me.

如果 HTTP 有一个 TLS 命令，这样它就可以在询问主机名后启动 SSL，这将很容易解决，但没有人问我。

For the definitive answer, see http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2

有关明确的答案，请参阅http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2

After hints in the answers given and comments to it (especially by Martin v. L?wis) I did some googling and found this website about RFC 2817 and RFC 3546. RFC 3546 seems to be a good solution.

在给出的答案和评论中给出提示后（尤其是 Martin v. L?wis），我进行了一些谷歌搜索，找到了关于 RFC 2817 和 RFC 3546 的网站。RFC 3546 似乎是一个很好的解决方案。

AFAIK it's not possible to set up different SSL certificates for name-based virtual hosts using mod_ssl. You can read the detailed reason here. An alternative would be using IP based virtual hosts (Which is probably not possible / not a very satisfying solution) - just insert different SSLCertificateFile directives, or you could try thismethod using mod_gnutls.

AFAIK 不可能使用 mod_ssl 为基于名称的虚拟主机设置不同的 SSL 证书。您可以在此处阅读详细原因。另一种方法是使用基于 IP 的虚拟主机（这可能是不可能的/不是一个非常令人满意的解决方案） - 只需插入不同的 SSLCertificateFile 指令，或者您可以使用 mod_gnutls尝试此方法。

You will need a separate IP:port combination for each vhost.

每个虚拟主机都需要一个单独的 IP:port 组合。

RFC 3546 is not feasible yet. IE only supports it when running under Vista, and last I checked Safari doesn't manage it either.

RFC 3546 尚不可行。IE 仅在 Vista 下运行时支持它，最后我检查了 Safari 也不管理它。

While everything DGM mentioned is true, there have been some attempts to get around the requirement for a unique IP address for every certificate including mod_gnutls and using TLS extensions. There are some drawbacks but they may be acceptable to you.

尽管 DGM 提到的所有内容都是真实的，但还是有人尝试绕过对每个证书（包括 mod_gnutls 和使用TLS 扩展）的唯一 IP 地址的要求。有一些缺点，但它们可能对您来说是可以接受的。

Finally it's possible! You need both server and client to support Server Name Indication (SNI)

终于有可能了！您需要服务器和客户端都支持服务器名称指示 (SNI)

Browsers, that support SNI:

支持 SNI 的浏览器：

• Mozilla Firefox 2.0 or later
• Opera 8.0 or later (with TLS 1.1 enabled)
• Internet Explorer 7.0 or later (on Vista, not XP)
• Google Chrome
• Safari 3.2.1 on Mac OS X 10.5.6

• Mozilla Firefox 2.0 或更高版本
• Opera 8.0 或更高版本（启用 TLS 1.1）
• Internet Explorer 7.0 或更高版本（在 Vista 上，而非 XP）
• 谷歌浏览器
• Mac OS X 10.5.6 上的 Safari 3.2.1

This doc shows hoe to configure your server: SSL with Virtual Hosts Using SNI

这个文档展示了配置你的服务器的 hoe：SSL with Virtual Hosts Using SNI