httpd-users mailing list archives

From Aaron W Morris <aaronmor...@mindspring.com>
Subject Re: [users@httpd] Multiple Secure sites
Date Thu, 18 Mar 2004 03:54:04 GMT
Ralph Crongeyer wrote:

> You can use the directive "NameVirtualHost *:443"
>  
> then
>  
> NameVirtualHost *:443
>  
> <VirtualHost *:443>
> DocumentRoot /path/to/docroot
> ServerName www.mydomain.com
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.crt/mycert.crt
> SSLCertificateKeyFile /etc/apache/ssl.crt/mycert.key
> </VirtualHost>
>  
> <VirtualHost *:443>
> DocumentRoot /path/to/docroot2
> ServerName www.mydomain2.com
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.crt/mycert2.crt
> SSLCertificateKeyFile /etc/apache/ssl.crt/mycert2.key
> </VirtualHost>
>  
> This works for many Virtual Hosts on one ip address.
>  
> Ralph
> 
> 
> 
>>>>Owen.Boyle@swx.com 3/16/2004 3:32:03 AM >>>
> 
> 
> 
>>-----Original Message-----
>>From: Nick [mailto:nick@finiteautomata.com] 
>>
>>If I wanted to have multiple SSL sites on one server, do I 
>>have to bind multiple IPs to that machine?  So I would need 
>>one IP per SSL site?
> 
> 
> Yes (assuming you want them all on port 443).
> 
> 
>> Is there any other way around this?
> 
> 
> No (unless you're willing to have the port numbers in the URL).
> 
> The essential point is that the different SSL sites have to be distinct
> at the TCP/IP layer (i.e., they must have different IP:port combinations).
> So you can have 192.168.1.1:443 and 192.168.1.1:444 (port-based) or you
> can have 192.168.1.1:443 and 192.168.1.2:443 (ip-based). You can't
> distinguish them using the "Host" header (name-based) since that is not
> a TCP/IP attribute. The "Host" is only available at the HTTP layer - and
> that's encrypted.
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> 
> 
> 
>>Thanks,
>>Nick
>>

Guys, I hate to rain on your parade but Name Based Virtual Hosting is 
not compatible with SSL (as Nick already pointed out).  Many have tried 
it and all have failed.  If you do try it, you will find out that only 
the first SSLed virtual host will work.


-- 
Aaron W Morris <aaronmorris@mindspring.com> (decep)
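
The following is an added example, not written by any poster in this thread and not Apache's code: a small Python model of the ordering problem described above, where the certificate is chosen during the handshake from the IP:port alone, before the encrypted "Host" header can be read. The function names and the DNS mappings are constructed for illustration, and the "first match wins" rule is an assumption that mirrors the behaviour reported in the reply.

```python
"""Model of certificate selection as discussed in this thread (constructed)."""

# Each vhost: (listen_ip, listen_port, ServerName, certificate subject name)
NAME_BASED = [  # the quoted config: both sites on the same IP:port
    ("*", 443, "www.mydomain.com", "www.mydomain.com"),
    ("*", 443, "www.mydomain2.com", "www.mydomain2.com"),
]
IP_BASED = [    # ip-based layout from the quoted explanation
    ("192.168.1.1", 443, "www.mydomain.com", "www.mydomain.com"),
    ("192.168.1.2", 443, "www.mydomain2.com", "www.mydomain2.com"),
]
PORT_BASED = [  # port-based layout from the quoted explanation
    ("192.168.1.1", 443, "www.mydomain.com", "www.mydomain.com"),
    ("192.168.1.1", 444, "www.mydomain2.com", "www.mydomain2.com"),
]

# Constructed DNS answers: which address each name resolves to.
SAME_IP = {"www.mydomain.com": "192.168.1.1", "www.mydomain2.com": "192.168.1.1"}
TWO_IPS = {"www.mydomain.com": "192.168.1.1", "www.mydomain2.com": "192.168.1.2"}


def cert_at_handshake(vhosts, dst_ip, dst_port):
    """Pick a certificate using only TCP/IP attributes.

    The Host header is not an input: it arrives inside the encrypted
    stream, after the certificate has already been sent.
    """
    for ip, port, _name, cert in vhosts:
        if ip in ("*", dst_ip) and port == dst_port:
            return cert  # assumed rule: first vhost matching IP:port wins
    return None


def client_view(vhosts, dns):
    """Map each site to True if the presented certificate matches its name."""
    result = {}
    for _ip, port, name, _cert in vhosts:
        presented = cert_at_handshake(vhosts, dns[name], port)
        result[name] = (presented == name)
    return result


if __name__ == "__main__":
    print("name-based:", client_view(NAME_BASED, SAME_IP))
    print("ip-based:  ", client_view(IP_BASED, TWO_IPS))
    print("port-based:", client_view(PORT_BASED, SAME_IP))
```

In the name-based layout the second site is served the first site's certificate, so a client checking the name sees a mismatch; the ip-based and port-based layouts give each site its own certificate.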



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.