httpd-users mailing list archives

From "Robert L. Harris" <Robert.L.Har...@rdlg.net>
Subject Re: VHosts and SSL
Date Tue, 15 Jan 2002 15:19:06 GMT


Yeah, that won't work here. 

I figured that's how the SSL/httpd would work, but was hoping apache had
found a way to virtualize it as well.  It does some amazing stuff as is
and was just hoping they had one more trick up the sleeve I couldn't
find.


Thus spake Owen Boyle (obo@bourse.ch):

> "Robert L. Harris" wrote:
> > 
> > I was hoping you were going to find a large blunt object and tell me I
> > was missing something.  This was what I was thinking and just hoping
> > against.  We're trying to consolidate 35+ SSL hosts to 1 IP.  It looks
> > like sales is trying to increase the # of SSL as they charge more for
> > them.  This could get ugly.
> 
> Just to be clear, this is not a feature of apache - it is an intrinsic
> feature of HTTPS. The HTTPS session has to be established *before* any
> HTTP traffic takes place. In order to establish the HTTPS session, the
> server has to send a certificate to the client. Now it cannot do this if
> the certificate is defined in a VirtualHost, since it doesn't know which
> VH to use because no HTTP request has been received yet! 
> 
> There is only one pretend-workaround and that is to use the *same*
> certificate for all VHs - but then you get browser warnings (FQDN
> doesn't match certificate) and you lose server authentication which is
> an essential feature of SSL... Might be OK in a college or lab type of
> environment, however.
> 
> Rgds,
> 
> Owen Boyle.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
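
Added example, not part of the original message or of Apache's code: a small Python model of the ordering Owen describes, where the certificate is chosen before any Host header exists, followed by the name check the browser performs. The hostnames, the IP address, the certificate file names and the "fall back to the first configured vhost" rule are assumptions made for the illustration.

```python
# Added illustration: models the ordering problem described in the thread.
# All hostnames, the IP address and certificate names are constructed samples.

# Name-based virtual hosts sharing one IP:port, each wanting its own certificate.
VHOSTS = {
    "shop.example.com": "cert-for-shop.example.com",
    "mail.example.com": "cert-for-mail.example.com",
    "www.example.org": "cert-for-www.example.org",
}
LISTENER = ("192.0.2.10", 443)


def cert_for_handshake(local_addr):
    """Pick the certificate at handshake time.

    Only the local IP and port are known here; no HTTP request (and so no
    Host header) has arrived, so the name cannot be looked up in VHOSTS.
    Assumption of this model: fall back to the first vhost on that address.
    """
    if local_addr != LISTENER:
        raise LookupError("no SSL listener on %s:%d" % local_addr)
    first_name = next(iter(VHOSTS))
    return {"subject_cn": first_name, "file": VHOSTS[first_name]}


def browser_accepts(requested_host, cert):
    """Client-side check: the name in the URL must match the certificate."""
    return requested_host.lower() == cert["subject_cn"].lower()


def simulate(requested_host):
    """Run one connection in protocol order and report what the client saw."""
    cert = cert_for_handshake(LISTENER)          # 1. handshake: cert is sent
    ok = browser_accepts(requested_host, cert)   # 2. browser verifies the name
    host_header = requested_host                 # 3. only now: HTTP Host header
    return {"host": host_header, "cert_cn": cert["subject_cn"], "warning": not ok}


def audit():
    """Return the vhosts whose visitors would get a name-mismatch warning."""
    return sorted(h for h in VHOSTS if simulate(h)["warning"])


if __name__ == "__main__":
    for name in VHOSTS:
        print(simulate(name))
    print("mismatch warnings for:", audit())
```
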

