httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <...@bourse.ch>
Subject Re: VHosts and SSL
Date Tue, 15 Jan 2002 14:48:34 GMT
"Robert L. Harris" wrote:
> 
> I was hoping you were going to find a large blunt object and tell me I
> was missing something.  This was what I was thinking and just hoping
> against.  We're trying to consolidate 35+ SSL hosts to 1 IP.  It looks
> like sales is trying to increase the # of SSL as they charge more for
> them.  This could get ugly.

Just to be clear, this is not a feature of apache - it is an intrinisc
feature of HTTPS. The HTTPS session has to be established *before* any
HTTP traffic takes place. In order to establish the HTTPS session, the
server has to send a certificate to the client. Now it cannot do this if
the certificate is defined in a VirtualHost, since it doesn't know which
VH to use because no HTTP request has been received yet! 

There is only one pretend-workaround and that is to use the *same*
certificate for all VHs - but then you get browser warnings (FQDN
doesn't match certificate) and you lose server authentication which is
an essential feature of SSL... Might be OK in a college or lab type of
environment, however.

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message