httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kenevel" <kene...@hotmail.com>
Subject NameVirtualHosts & SSL
Date Tue, 25 Oct 2005 17:43:00 GMT
Hi everyone,

Firstly, this is a topic which may have been endlessly covered before, in
which case I apologise and will go down in flames...

But having referred to the 2.0 docs (well, more like the FAQ) at
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2 I had a thought
about the viability of using SSL with multiple name-based virtual hosts (on
one IP address).

The docs at the URL given above effectively say that hosting more than one
SSL-enabled site using name-based virtual hosting is impossible, as it is
only after the SSL envelope has been decrypted that the server can determine
the "host" value and match this with the ServerName or ServerAlias.

My question is why the server couldn't do some sort of reverse-lookup on its
register of SSL certificates that are in use. Surely the server knows which
certificate it is using to service the request (or else it wouldn't be able
to decrypt its contents) and hence work out which virtual host uses that
certificate? This approach means of course that each name-based virtual host
would have to use a different certificate - but as those sites are more than
likely on different domains the certificates would necessarily be different.

Cheers guys,

Great server.

Mike

Mime
View raw message