httpd-users mailing list archives

From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] multiple SSL VirtualHosts
Date Fri, 30 Aug 2002 07:26:59 GMT
You can have multiple SSL VHs but only if they use different IP addresses and/or port numbers.
So for instance:

192.168.1.1:443 and 192.168.1.1:444 (port-based)
or
192.168.1.1:443 and 192.168.1.2:443 (IP-based)
or
192.168.1.1:443 and 192.168.1.2:444 (IP and port-based)

PS the last one is silly :-)

Assuming you choose the IP-based solution, then you just separate the VHs by IP address and
put the appropriate certificate in each one. E.g. (assuming mydomain1 = 192.168.1.1 and mydomain2
= 192.168.1.2):

Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
  ServerName mydomain1
  SSLCertificateFile /path/to/mydomain1.crt
  # etc. ...
</VirtualHost>

Listen 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
  ServerName mydomain2
  SSLCertificateFile /path/to/mydomain2.crt
  # etc. ...
</VirtualHost>

I assume you have two certificates... If you use just one certificate in two VHs, you will
get a warning on one of the sites.

Rgds,

Owen Boyle

>-----Original Message-----
>From: Karoly VEGH [mailto:karoly.vegh@uta.at]
>Sent: Donnerstag, 29. August 2002 20:27
>To: users@httpd.apache.org
>Subject: RE: [users@httpd] multiple SSL VirtualHosts
>
>
>On Thu, 29 Aug 2002, Boyle Owen wrote:
>
>> The mistake is in trying to make name-based SSL virtual hosts. You can't.
>> The problem comes up frequently on the mod_ssl mailing list (e.g.
>> http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2)
>> Basically, the trouble is that the SSL session has to be established
>> before there is any HTTP traffic. This means the server needs the
>> certificate before it gets to see the "Host" header. However, since it
>> doesn't know the Host, how is it supposed to know what VH to use for the
>> cert?
>
>thanks for the info, *sigh*
>
>> To put it another way, SSL packets are routed using only TCP/IP
>> attributes (IP and port number) and do not have any HTTP attributes
>> available to them at the session set-up.
>
>OK, I tried it both ways, with another port and with another IP...
>
>but I have a weird problem.
>
>Though I have the
>SSLCertificateKey myotherdomain.at.key
>directive in the VirtualHosts section,
>when I call https://myotherdomain.at comes the message from the browser
>that this server uses the certificate from mydomain.at ...
>
>mydomain.at comes the first in httpd.conf, but I don't know where to search
>for the mistake.
>
>any ideas?
>
>tia
>
>charlie
>
>
>-- 
>Yetsten poss omm-moy owf, vonn da yayzooss show English graydit hot,
>don is diss show long goo-add gnu-og fee-a ike, es tsneeacktal.
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
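
Added example (not part of the original message or of the Apache project): a small config check for the failure described in this thread, where two SSL VirtualHosts bound to the same IP:port both get the certificate of whichever one comes first in httpd.conf. It assumes the certificate is chosen by IP address and port only (no SNI); the sample config, the name mydomain3 and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the original message): two SSL
# vhosts share 192.168.1.1:443, a third has its own IP address.
SAMPLE_CONF = """
<VirtualHost 192.168.1.1:443>
  ServerName mydomain1
  SSLCertificateFile /path/to/mydomain1.crt
</VirtualHost>
<VirtualHost 192.168.1.1:443>
  ServerName mydomain2
  SSLCertificateFile /path/to/mydomain2.crt
</VirtualHost>
<VirtualHost 192.168.1.2:443>
  ServerName mydomain3
  SSLCertificateFile /path/to/mydomain3.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts(conf):
    """Group vhosts that set a certificate by their IP:port, in file order."""
    by_addr = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf):
        cert = directive(body, "SSLCertificateFile")
        if cert:
            by_addr[addr].append((directive(body, "ServerName"), cert))
    return by_addr

def find_conflicts(conf):
    """Return (addr, served_cert, shadowed_names) for each shared IP:port."""
    conflicts = []
    for addr, hosts in ssl_vhosts(conf).items():
        if len(hosts) > 1:
            # The handshake precedes the Host header, so the first vhost's cert is served.
            conflicts.append((addr, hosts[0][1], [name for name, _ in hosts[1:]]))
    return conflicts

if __name__ == "__main__":
    for addr, cert, names in find_conflicts(SAMPLE_CONF):
        print(f"{addr}: every client gets {cert}; mismatch for {', '.join(names)}")
```
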
