httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Mayer <mymailli...@gmx.at>
Subject Re: [users@httpd] Are multiple <VirtualHost *:80 *:443> ok with wildcard cert ?
Date Fri, 17 Mar 2006 10:18:10 GMT

Then it seems I will have to find our more about the wildcard certificates, 
maybe they will save me some work....

On Thursday 16 March 2006 15:49, Ryan McDonald wrote:
> Actually it is possible since a wildcard certificate is being used
>
> As long as each virtual host is valid for that certificate everything
> will work.
>
> Example wildcard certificate for *.mydomain.com
>
> and the following virtual hosts
>
>   <VirtualHost *:80 *:443>
> 	ServerName www.mydomain.com
> 	...
> </VirtualHost>
>
>   <VirtualHost *:80 *:443>
> 	ServerName www2.mydomain.com
> 	...
> </VirtualHost>
>
>
> The wildcard certificate is valid for both virtual hosts so this
> scenario will work
>
> On 16-Mar-06, at 7:48 AM, Markus Mayer wrote:
> > Hi,
> >
> > OK, I didn't make my point very well actually.  Yes it works even
> > when you
> > have multiple ssl hosts on the same IP.  The problem is only one
> > certificate
> > is valid, and the browser will put up a message saying something
> > like the
> > certificate is valid but not issued for this host.  This is the
> > thing that
> > doesn't work that I was talking about.  As for a wildcard
> > certificate, I
> > actually haven't heard of one, which of course doesn't say they
> > don't exist.
> >
> > So, to answer your question, yes, what you have will run, but it
> > doesn't
> > really make much sence, especially if you have to provide a commercial
> > solution, as I do.
> >
> > greetings from Austria
> > Markus
> >
> > On Thursday 16 March 2006 12:55, Frédéric Jolliton wrote:
> >> Hi Markus,
> >>
> >> [..]
> >>
> >>>> Again, there is no problems with this config, but I was just
> >>>> wondering about its validity.
> >>
> >> [..]
> >>
> >>> Actually, having multiple HTTPS virtual hosts on the same IP address
> >>> is not possible becasue of limitations in SSL itself.
> >>
> >> Are you sure you read my message in details ? I presented a *working*
> >> configuration (I'm running it on my server.)
> >>
> >> It's possible to have several https virtual hosts on the same IP
> >> address (on the same port), as long as the certificate's 'cn' field
> >> match all the corresponding domain names. So you need a wildcard
> >> certificate (and client supporting at least one '*' wildcard.) And to
> >> be more precise, it works even without any valid 'cn' as long as the
> >> client process https without taking care of the certificate (useless
> >> and bad, but possible.)
> >>
> >> I asked because I would like to know if it's fine to configure the
> >> server as shown in my original message.
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message