httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric ...@kwinternet.com>
Subject RE: [users@httpd] separate certificate per virtual host
Date Thu, 03 Feb 2005 16:36:57 GMT
At 08:24 AM 2/3/2005, Nelson, Robert D. wrote:
>Yassen:
>
> > Hi all (my first post to this list):
>
>Welcome. :)
>
> > I could not find any help so far for resolving the following problem:
> >
> > apache 2.0.52 w/ dynamic virtual hosts (we host a lot of
> > domains, so dynamic virtual hosting is a great relief -- I
> > cannot part with it!)
> >
> > Need to present a host-specific SSL certificate for each
> > virtual host, so the host name in the certificate matches the
> > virtual host name. How to configure apache to handle this case?
>
>The SSL handshake happens before any HTTP headers are sent, which is why you
>MUST use IP-based virtual hosting with SSL. This way, Apache knows what
>virtual host to serve up by the IP of the request without knowing the 'host'
>line in the headers.
>
>You can read up on IP-based virtual hosting here:
>
>  http://httpd.apache.org/docs-2.0/vhosts/ip-based.html
>
> > Any help or a pointer to a good reading will be appreciated!
> > Thanks in advance!
>
>I've never used dynamic virtual hosts with SSL before, but I'd think it's
>possible as long as you stick to separate IPs for each virtual host. Maybe
>you can glean some info from this:
>
>  http://httpd.apache.org/docs-2.0/vhosts/mass.html#ipbased
>
>I'd think someone in this group has tried this before. Anyone?
>
>  ~ Robert

Hi,

This is more or less a ditto, but I have a setup with separate certs for 
virtual hosts and what he said about having distinct IPs is really the only 
important thing. Otherwise, it is a lot easier than I was worrying that it 
would be before I did it :) Just act like each virt host is a whole 
separate config and you won't get confused.

Thanks,

Eric




>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


Lead Programmer
D.M. Contact Management
250.383.8267 ext 229 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message