httpd-users mailing list archives

From Dick Davies <rasput...@hellooperator.net>
Subject Re: [users@httpd] More than one https server on one ip
Date Wed, 13 Oct 2004 22:43:32 GMT
* Gary Algier <gaa@ulticom.com> [1034 23:34]:
> Patrick Donker wrote:
> >Joshua Slive wrote:
> >
> >>On Wed, 13 Oct 2004 22:52:50 +0100, Ian Jeffray <ian@jeffray.co.uk> 
> >>wrote:
> >>
> >>>Patrick Donker wrote:
> >>>
> >>>
> >>>>Is it possible to host more than one https site on a single ip using

> You can't.  It is a chicken-or-egg problem.
> 
> When a client connects to a server via http, it sends a header that the
> server can read to tell which virtual server is wanted.  You can have many
> server names that all resolve to the same IP address and the header will
> tell the server "who" to be.

> I guess, there is the possibility that one could use the same key for all
> servers on a particular IP, but part of the SSL startup includes sending
> a cert from the server to the client so which cert should the server send?
> You can't have one cert with multiple names in it.

You sort of can if you have a common name of *.domain.com and let all the
servers have the same cert/key - I've heard friends say that worked OK.


[ Actually the SSL spec *does* allow a certificate to hold multiple hostnames.
I use this on my LDAP boxes so each node has its own common name, and then 
share a 'SubjectAltName' field which is a round-robin DNS entry.

That isn't much better than the above though in the https case - the browser
probably wants to see the name it asked for in the common name field and
you're still sharing a certificate... ]

-- 
Bender, Ship, stop arguing or I'll come back there and change your opinions
manually. - Leela
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
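
Added example, not part of the original message or of Apache httpd: a sketch of the name check an HTTPS client applies under RFC 2818, run over constructed certificates for the two cases in this thread (a *.domain.com common name, and a per-node common name with a shared subjectAltName). The dictionary layout, function names and host names are assumptions made for illustration.

```python
# RFC 2818 section 3.1 server identity check, reduced to the name comparison.
# Certificates are constructed dictionaries, not parsed X.509 (assumption).

def _name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with the requested host, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False              # "*" stands for exactly one label
    if p_labels[1:] != h_labels[1:]:
        return False              # everything right of the first label is literal
    if p_labels[0] == "*":
        # Conservative choice in this sketch: the wildcard must be the whole
        # leftmost label and sit above at least two further labels.
        return len(p_labels) >= 3 and h_labels[0] != ""
    return p_labels[0] == h_labels[0]

def names_checked(cert: dict) -> list:
    """subjectAltName dNSName entries if present, otherwise the common name."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans               # the common name is ignored in this case
    return [cert["commonName"]] if cert.get("commonName") else []

def cert_covers(cert: dict, host: str) -> bool:
    return any(_name_matches(name, host) for name in names_checked(cert))

def vhosts_covered(cert: dict, vhosts: list) -> dict:
    """Which name-based virtual hosts on one IP could share this certificate."""
    return {host: cert_covers(cert, host) for host in vhosts}

# Constructed sample certificates (hypothetical names).
WILDCARD_CERT = {"commonName": "*.domain.com"}
SAN_CERT = {
    "commonName": "node1.domain.com",
    "subjectAltName": (("DNS", "ldap.domain.com"),),
}

if __name__ == "__main__":
    hosts = ["www.domain.com", "domain.com", "a.b.domain.com", "www.other.org"]
    for host, ok in vhosts_covered(WILDCARD_CERT, hosts).items():
        print(f"wildcard  {host:18} {'match' if ok else 'MISMATCH'}")
    for host in ("ldap.domain.com", "node1.domain.com"):
        ok = cert_covers(SAN_CERT, host)
        print(f"san cert  {host:18} {'match' if ok else 'MISMATCH'}")
```

Under these rules a name that appears only in the common name stops matching once the certificate carries any dNSName entry, so every host name served with a shared certificate has to be listed in subjectAltName.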

