httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank Reichenbacher" <fr...@mollynet.com>
Subject Re: Apache SSL question
Date Tue, 25 Jun 2002 20:25:58 GMT
Owen & Chad,

Go to https://ssl.mollynet.com (obviously under development)

Now go to http://www.mollynet.com.

Same IP address, both are NBVHs using the same instance of the Apache
daemon. There are multiple other NBVHs running off the same IP address on
port 80 also on the same daemon.

As I mentioned already, you can't run more than one NBVH on port 443 this
way; only one, the way I did, for exactly the reasons that you linked to.
Poor Alex is out of luck unless he can limit his needs to one secure NBVH or
gets another IP address.

The statements "you can't do NBVH with SSL" and SSL will not work on
namebased virtual hosts. They must be IP based." are incorrect. Actually,
the way you phrased it, in the plural, is more or less correct, but I'm not
sure that many users would have picked up on that nuance. You can do NBVH
with SSL.

Frank

----- Original Message -----
From: "Boyle Owen" <Owen.Boyle@swx.com>
To: <users@httpd.apache.org>
Sent: Tuesday, June 25, 2002 8:34 AM
Subject: RE: Apache SSL question


> Is where any way to configure SSL for two virtual hosts on the same IP
> address?
>
><VirtualHost 11.22.33.44>                               #IP-Adress without
Port
>              ..........................
>              SSLEngine on
>              ServerName host1.mysite.com
>              ..........................
></VirtualHost>
>
><VirtualHost 11.22.33.44>                               #IP-Adress without
Port
>              ..........................
>              SSLEngine on
>              ServerName host2.mysite.com
>              ..........................
></VirtualHost>
> This should work!

No it won't - for the reasons I already posted...
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

How is the server supposed to know which certificate to use in the SSL
negotiation? The certificate is inside the VH but it doesn't know which VH
to use until it gets the Host header in the HTTP request. However, and
here's the rub, it doesn't get the HTTP request until it sets up SSL!

Since it is impossible to get the Host header before establishing SSL, you
can't use NBVHs with SSL.

Rgds,

Owen Boyle

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message