httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pete Nelson" <pete.nel...@ci.stpaul.mn.us>
Subject Re: SSL
Date Fri, 08 Mar 2002 13:58:26 GMT
This won't solve your problem (sorry), but rather a suggestion for a way
to avoid the issue.

I recently worked for a company that had about 150 virtual domains (it
seemed like every day I was renewing one domain or another . . .grr!). 
We also looked at the unfavorable option of buying a certificate for
each domain - ouch!

What we ended up doing is having one secure domain, the main domain for
the company.  All of our other domains would handle SSL by sending the
browser to the secure domain before the https request - in other words,
a link to a secure form on http://www.yetanotherhost.com would point to
a file on https://www.ourcompany.com.  This SSL server was actually a
completely separate process from the server with all the virtual hosts
(two instances of apache).  So if someone tried
https://www.yetanotherhost.com , there would be nothing listening on
port 443.

Not a very graceful solution, but it does avoid the 'mismatched
certificate' issue.

--
Pete Nelson, Web Developer
<pete.nelson@ci.stpaul.mn.us>
http://www.ci.stpaul.mn.us/

>>> erwiensamantha@netscape.net 03/07/02 09:16PM >>>
Ok , next question is

How bout if i try to redirect.
If someone hit https://a.domain.com/api will redirect to 
https://secure.domain.com/api 
I already try with redirection syntax like this
<VirtualHost *>
ServerName a.domain.com
Redirect permanent /api https://secure.domain.com/api 

</VirtualHost>

But ..in the Client Browser i always got warning "Domain Name
Mismatch".


How can i pass SSL verify before the client get
https://secure.domain.com 


wIen

Vernon@b2unow.com wrote:

>As far as I know you cannot.
>
>
>-----Original Message-----
>From: Erwien Samantha Y <erwiensamantha@netscape.net>
>To: users@httpd.apache.org 
>Date: Fri, 08 Mar 2002 08:47:15 +0700
>Subject: Re: SSL
>
>>Ok .., let start from simple question first ..
>>
>>Can we user 1 certificate license for handle many FQDN ?
>>
>>the example,
>>
>>I have FQDN secure.domain.com that have already the license
>>certificate.
>>can use the same certificate for all mu FQDN like a.domain.com , 
>>b.domain.com etc.
>>
>>
>>
>>sn4265@sbc.com wrote:
>>
>>>   Sounds to me like you are running 'beta.mydomain.com' as a
Virtual
>>>Host, and 'secure.mydomain.com' as the primary site.  My guess
would
>>>
>>be that
>>
>>>you accidentally included the directives for 'beta' in the SSL
section
>>>
>>of
>>
>>>the httpd.conf file.  Just a guess though.  I might, let me stress
>>>
>>MIGHT, be
>>
>>>able to figure it out for sure by looking at your httpd.conf file.
>>>
>>>-----Original Message-----
>>>From: Erwien Samantha Y [mailto:erwiensamantha@netscape.net] 
>>>Sent: Wednesday, March 06, 2002 11:04 PM
>>>To: users@httpd.apache.org 
>>>Subject: SSL 
>>>
>>>
>>>
>>>Hi ..,
>>>
>>>I need some advice
>>>I have 1 domain that already certificated , u can say
>>>
>>secure.mydomain.com .
>>
>>>And i have another domain beta.mydomain.com , those two domain have
>>>
>>same 
>>
>>>IP address.
>>>If i type https://beta.mydomain.com it always say mismatch
>>>
>>certification 
>>
>>>. (this i understand
>>>because only secure.mydomain.com that have certificate).
>>>
>>>Any trick for this ??
>>>with redirection maybe ...
>>>Please suggest me
>>>
>>>erwien
>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server
>>>
>>Project.
>>
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>>>For additional commands, e-mail: users-help@httpd.apache.org 
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server
>>>
>>Project.
>>
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>>>For additional commands, e-mail: users-help@httpd.apache.org 
>>>
>>-- 
>>-==  HonesT Is The BesT PoLicY ==-
>>         -----------------
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server
>>Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>>For additional commands, e-mail: users-help@httpd.apache.org 
>>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server
Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>For additional commands, e-mail: users-help@httpd.apache.org 
>

-- 
-==  HonesT Is The BesT PoLicY ==-
         -----------------




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message