Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 28907 invoked from network); 14 Sep 2005 11:16:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 14 Sep 2005 11:16:59 -0000 Received: (qmail 60877 invoked by uid 500); 14 Sep 2005 11:16:45 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 60861 invoked by uid 500); 14 Sep 2005 11:16:44 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 60847 invoked by uid 99); 14 Sep 2005 11:16:44 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 14 Sep 2005 04:16:44 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [146.109.240.235] (HELO ns0b.swx.com) (146.109.240.235) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 14 Sep 2005 04:16:54 -0700 Received: from gate0b.unix.swx.ch (gate0b [192.168.252.145]) by ns0b.swx.com (8.13.4/8.13.4) with ESMTP id j8EBGaJw004105; Wed, 14 Sep 2005 13:16:36 +0200 (MEST) Received: from CIWMEXZSA0E.ex.ordersx.org (localhost [127.0.0.1]) by gate0b.unix.swx.ch (8.13.4/8.13.4) with ESMTP id j8EBGZ48004942; Wed, 14 Sep 2005 13:16:35 +0200 (MEST) Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 Importance: normal Priority: normal Date: Wed, 14 Sep 2005 13:16:35 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [users@httpd] Both IP based and name based virtual host on same server. thread-index: AcW48U+8IQXjoXVIQbeQbeOp8Lz5rAAKxDGA From: "Boyle Owen" To: , X-Virus-Checked: Checked by ClamAV on apache.org Subject: RE: [users@httpd] Both IP based and name based virtual host on same server. X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N -----Original Message----- From: Arun G Nair [mailto:arungnair@gmail.com] > Atlast I got it working !!!! So name based virtual hosting *is* = possible with mod_ssl.=20 No it isn't. You only have encryption working. You do not have = authentication. Just to put the record straight for anyone in the future who might read = this thread, the poster is running a development setup and is only = interested in having the HTTP session encrypted. He does not car that = all the namebsed hosts are using the same certificate (the cert from the = first VH). THis is fine if you only want to encrypt the traffic but is = useless in a commercial environement where it is essential that the = common name in the cert matches the URL the user typed in. Put it this = way; would you be happy to type your credit-card number into a webpage = which had "amazon" in the address bar but where if you looked into the = cert you saw that the common name was "dodgy-dealer.com"? Another analogy: if you had a million dollars to send to the bank and an = armoured car arrived to collect it, would you be happy to put your cash = in the car? It would be safe from robbers on its way to the bank, but = how would you know it was really going to go to the bank? You'd ask the = driver for some ID, I'd hope! In the real world, authentication is every bit as important as = encrpytion so this is no real solution.=20 Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored.=20 ----------httpd.conf--------- < IfModule mod_ssl.c > Listen 443 Listen 80 AddType = application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl = .crl< / IfModule >< IfModule mod_ssl.c > SSLCACertificateFile /etc/apache/ssl.crt/ca-bundle.crt = SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache = SSLSessionCacheTimeout 300 SSLMutex file:/var/run/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin< / = IfModule >NameVirtualHost 172.16.2.0:80 ServerName abcn.com DocumentRoot = /var/www/abc# SSL Virtual HostsNameVirtualHost=20 172.16.2.0:443< VirtualHost 172.16.2.0:443 > DocumentRoot = /var/www/abc ServerName secure.abcn.com SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt = SSLCertificateKeyFile /etc/apache/ssl.key/server.pem SetEnvIf = User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog = /var/log/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"< / VirtualHost = > ----------httpd.conf--------- Let me know if this can be trimmed down some more. Thanx everyone, = especially Davide.=20 Regards,=20 Arun =20 =20 This message is for the named person's use only. It may contain = confidential, proprietary or legally privileged information. No = confidentiality or privilege is waived or lost by any mistransmission. = If you receive this message in error, please notify the sender urgently = and then immediately delete the message and any copies of it from your = system. Please also immediately destroy any hardcopies of the message. = You must not, directly or indirectly, use, disclose, distribute, print, = or copy any part of this message if you are not the intended recipient. = The sender's company reserves the right to monitor all e-mail = communications through their networks. Any views expressed in this = message are those of the individual sender, except where the message = states otherwise and the sender is authorised to state them to be the = views of the sender's company. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org