httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matus \"fantomas\" Uhlar" <uh...@fantomas.sk>
Subject Re: SSL/TLS
Date Tue, 20 Aug 2002 12:14:40 GMT
-> >not just, you can provide multiple vhosts but you can use only one
-> >certificate on one host/port combination which makes 
-> >virtualhosting harder.
-> 
-> What you say is nearly true, Matus, but your conclusion that you can
-> provide multiple vhosts is inaccurate. It is true that the Vhosts will
-> appear to work (you will get a session established) but you cannot
-> authenticate these sites... That is, the cerificate can only match one
-> site - all the others will cause the browser to complain that the site
-> doesn't match the certificate.

There's such thing wildcard certificate. I know there are discussions if
(not) to use them, however there is still one simple point - one certificate
for more vhosts, for example *.fantomas.sk for all hosts in fantomas.sk
domain.

-> My point is: what are you using SSL for? If you want people to send you
-> sensitive data, you have to make them trust you and they should not trust
-> you if they cannot authenticate your certificate. To put it another way,
-> anyone can now copy your site, make a fake certificate and they will be
-> indistinguishable from your real site.
-> 
-> Authentication is as much a part of SSL as encryption.

Well, that is still about certificates if to trust them, not about virtual
hosts.
-- 
 Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/
 Warning: I don't wish to receive spam to this address.
 Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu.
 Windows 2000: 640 MB ought to be enough for anybody

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message