httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralph Crongeyer" <rcronge...@oceaneering.com>
Subject RE: [users@httpd] Multiple Secure sites
Date Tue, 16 Mar 2004 15:24:29 GMT
You can use the directave "NameVirtualHost *:443"
 
then
 
NameVirtualHost *:443
 
<VirtualHost *:443>
DocumentRoot /path/to/docroot
ServerName www.mydomain.com
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/mycert.crt
SSLCertificateKeyFile /etc/apache/ssl.crt/mycert.key
</VirtualHost>
 
<VirtualHost *:443>
DocumentRoot /path/to/docroot2
ServerName www.mydomain2.com
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/mycert2.crt
SSLCertificateKeyFile /etc/apache/ssl.crt/mycert2.key
</VirtualHost>
 
This works for many Virtual Hosts on one ip address.
 
Ralph


>>> Owen.Boyle@swx.com 3/16/2004 3:32:03 AM >>>


> -----Original Message-----
> From: Nick [mailto:nick@finiteautomata.com] 
> 
> If I wanted to have multiple SSL sites on one server, do I 
> have to bind multiple IP's to that machine?  So I would need 
> one IP per SSL site?

Yes (assuming you want them all on port 443).

>  Is there any other way around this?

No (unless you're willing to have the port numbers in the URL).

The essential point is that the different SSL sites have to be distinct
at the TCP/IP layer (ie, the must have different IP:port combinations).
So you can have 192.168.1.1:443 and 192.168.1.1:444 (port-based) or you
can have 192.168.1.1:443 and 192.168.1.2:443 (ip-based). You can't
distinguish them using the "Host" header (name-based) since that is not
a TCP/IP attribute. The "Host" is only available at the HTTP layer - and
that's encrypted.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est
un message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.


> 
> Thanks,
> Nick
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org 
> For additional commands, e-mail: users-help@httpd.apache.org 
> 
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
   "   from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 




Mime
View raw message