httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacob Coby" <jc...@listingbook.com>
Subject Re: [users@httpd] IP Based Virtual Host
Date Tue, 29 Jul 2003 14:42:29 GMT

----- Original Message -----
> >I have 4 domains on the same server and just one external IP. Can I use
ssl
> >with different certificates for each of the domains using name based
> vhosts?
> >
> >I've tried to set my server with ip based virtual host but cannot make my
> >router forward the packets to the right ip. I've created one virtual ip
for
> >each domain.

I'm not sure if this has been answered before, but you cannot share SSL
certificates across multiple domains on the same IP.  The reason is that the
SSL data encapsulates the entire HTTP transaction, including the Host header
which name based virtual hosts uses to determine which site to serve up.
Apache can't get to the Host header inside the SSL data until after it
decodes the SSL data, using the correct certificate.  It can't get the
correct certificate until after it has decoded the SSL data.  A chicken and
egg situation; Apache just grabs the default SSL certificate and uses that
for all SSL transactions on an IP.

There is really no way around it, other than to use multiple IP addresses or
to hack Apache to have some sort of SSLCertRepository directive and have it
search all of the certs in that repository for the correct one (which could
be very slow).

-Jacob


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message