Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 67115 invoked by uid 500); 30 Aug 2002 07:26:52 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 67062 invoked from network); 30 Aug 2002 07:26:52 -0000 Received: from ns0a.swx.com (146.109.240.107) by daedalus.apache.org with SMTP; 30 Aug 2002 07:26:52 -0000 Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145]) by ns0a.swx.com (8.9.3+Sun/8.9.3) with ESMTP id JAA10428 for ; Fri, 30 Aug 2002 09:27:00 +0200 (MEST) Received: from SOMEXEVS001.ex.ordersx.org (localhost [127.0.0.1]) by gate0b.unix.swx.ch (8.9.3+Sun/8.9.3) with ESMTP id JAA03578 for ; Fri, 30 Aug 2002 09:26:59 +0200 (MEST) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 Date: Fri, 30 Aug 2002 09:26:59 +0200 Message-ID: <14D1193E30E0894D8A773957C0AEE24A01EE0237@SOMEXEVS001.ex.ordersx.org> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [users@httpd] multiple SSL VirtualHosts Thread-Index: AcJPifEfcZ4LDVy1RfGkslytBYHpXQAa7K8A From: "Boyle Owen" To: X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: RE: [users@httpd] multiple SSL VirtualHosts You can have multiple SSL VHs but only if they use different IP = addresses and/or port numbers. So for instance: 192.168.1.1:443 and 192.168.1.1:444 (port-based) or 192.168.1.1:443 and 192.168.1.2:443 (IP-based) or 192.168.1.1:443 and 192.168.1.2:444 (IP and port-based) PS the last one is silly :-) Assuming you choose the IP-based solution, then you just separate the = VHs by IP address and put the appropriate certificate in each one. E.g. = (assuming mydomain1 =3D 192.168.1.1 and mydomain2 =3D 192.168.1.2): Listen 192.168.1.1:443 ServerName mydomain1 SSLCertificateFile /path/to/mydomain1.crt etc. ... Listen 192.168.1.2:443 ServerName mydomain2 SSLCertificateFile /path/to/mydomain2.crt etc. ... I assume you have two certificates... If you use just one certificate in = two VHs, you will get a warning on one of the sites. Rgds, Owen Boyle >-----Original Message----- >From: Karoly VEGH [mailto:karoly.vegh@uta.at] >Sent: Donnerstag, 29. August 2002 20:27 >To: users@httpd.apache.org >Subject: RE: [users@httpd] multiple SSL VirtualHosts > > >On Thu, 29 Aug 2002, Boyle Owen wrote: > >> The mistake is in trying to make name-based SSL virtual=20 >hosts. You can't. >> The problem comes up frequently on the mod_ssl mailing list (e.g. >> = http://marc.theaimsgroup.com/?l=3Dapache-modssl&m=3D98576871506980&w=3D2)= >> Basically, the trouble is that the SSL session has to be established >> before there is any HTTP traffic. This means the server needs the >> certificate before it gets to see the "Host" header.=20 >However, since it >> doesn't know the Host, how is supposed to know what VH to use for the >> cert? > >thanks for the info, *sigh* > >> To put it another way, SSL packets are routed using only TCP/IP >> attributes (IP and port number) and do not have any HTTP attributes >> available to them at the session set-up. > > >OK, i tried it both ways, with another port and with another IP... > >but i have aweird problem. > >Though I have the >SSLCertificateKey myotherdomain.at.key >directive in the VIrtualHosts section, >when i call https://myotherdomain.at comes the message from the browser >that this server uses the certificate from mydomain.at ... > >mydomain.at comes the first in httpd.conf, but i dont know=20 >where to search >for the mistake. > >any ideas? > >tia > >charlie > > >--=20 >Yetsten poss omm-moy owf, vonn da yayzooss show English graydit hot, >don is diss show long goo-add gnu-og fee-a ike, es tsneeacktal. > > > > >--------------------------------------------------------------------- >The official User-To-User support forum of the Apache HTTP=20 >Server Project. >See for more info. >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org >For additional commands, e-mail: users-help@httpd.apache.org > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org