httpd-dev mailing list archives

From "Eric Covener" <cove...@gmail.com>
Subject Re: SSL enabled name virtual hosts
Date Mon, 06 Mar 2006 18:38:14 GMT
On 3/6/06, Daniel Rogers <daniel@phasevelocity.org> wrote:

> My SSL virtual hosts are, effectively, Name based, not port based (there
> are only two ports involved 443, and 444 for unlimited virtual hosts).
> All ssl virtual hosts are on port 444, and their name is used to
> distinguish them.

So you're unable to set things like client authentication, CRL
checking, or restrictive ciphers at a per-vhost level?  It's unclear
to me whether the specific vhosts are HTTP or HTTPS, but either way
it's not the browser talking to them, right?

Don't you get this same "solution" with 1 RewriteRule (proxied, not
redirected) and a certificate crafted the way you describe?

> I'll answer these two points together.  subjectAltName doesn't have to
> allow an "all purpose" certificate.  It can be on a single host, or an
> enumerated set of hosts.

How do you add a new host?  How do you revoke a certificate or know
where to do CRL checking for an organization if it's all common?

--
Eric Covener
covener@gmail.com
