httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matus \"fantomas\" Uhlar" <>
Subject Re: SSL/TLS
Date Tue, 20 Aug 2002 12:14:40 GMT
-> >not just, you can provide multiple vhosts but you can use only one
-> >certificate on one host/port combination which makes 
-> >virtualhosting harder.
-> What you say is nearly true, Matus, but your conclusion that you can
-> provide multiple vhosts is inaccurate. It is true that the Vhosts will
-> appear to work (you will get a session established) but you cannot
-> authenticate these sites... That is, the cerificate can only match one
-> site - all the others will cause the browser to complain that the site
-> doesn't match the certificate.

There's such thing wildcard certificate. I know there are discussions if
(not) to use them, however there is still one simple point - one certificate
for more vhosts, for example * for all hosts in

-> My point is: what are you using SSL for? If you want people to send you
-> sensitive data, you have to make them trust you and they should not trust
-> you if they cannot authenticate your certificate. To put it another way,
-> anyone can now copy your site, make a fake certificate and they will be
-> indistinguishable from your real site.
-> Authentication is as much a part of SSL as encryption.

Well, that is still about certificates if to trust them, not about virtual
 Matus "fantomas" Uhlar, ;
 Warning: I don't wish to receive spam to this address.
 Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu.
 Windows 2000: 640 MB ought to be enough for anybody

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message