httpd-users mailing list archives

From Ryan McDonald <rmcdon...@futurebrand.com>
Subject Re: [users@httpd] Re: Are multiple <VirtualHost *:80 *:443> ok with wildcard cert ?
Date Thu, 16 Mar 2006 14:49:21 GMT

Actually it is possible, since a wildcard certificate is being used.

As long as each virtual host is valid for that certificate, everything will work.

Example wildcard certificate for *.mydomain.com

and the following virtual hosts

    <VirtualHost *:80 *:443>
        ServerName www.mydomain.com
        ...
    </VirtualHost>

    <VirtualHost *:80 *:443>
        ServerName www2.mydomain.com
        ...
    </VirtualHost>

The wildcard certificate is valid for both virtual hosts, so this scenario will work.


On 16-Mar-06, at 7:48 AM, Markus Mayer wrote:

> Hi,
>
> OK, I didn't make my point very well actually.  Yes it works even when you
> have multiple ssl hosts on the same IP.  The problem is only one certificate
> is valid, and the browser will put up a message saying something like the
> certificate is valid but not issued for this host.  This is the thing that
> doesn't work that I was talking about.  As for a wildcard certificate, I
> actually haven't heard of one, which of course doesn't say they don't exist.
>
> So, to answer your question, yes, what you have will run, but it doesn't
> really make much sense, especially if you have to provide a commercial
> solution, as I do.
>
> greetings from Austria
> Markus
>
> On Thursday 16 March 2006 12:55, Frédéric Jolliton wrote:
>> Hi Markus,
>>
>> [..]
>>
>>>> Again, there are no problems with this config, but I was just
>>>> wondering about its validity.
>>
>> [..]
>>
>>> Actually, having multiple HTTPS virtual hosts on the same IP address
>>> is not possible because of limitations in SSL itself.
>>
>> Are you sure you read my message in detail? I presented a *working*
>> configuration (I'm running it on my server.)
>>
>> It's possible to have several https virtual hosts on the same IP
>> address (on the same port), as long as the certificate's 'cn' field
>> matches all the corresponding domain names. So you need a wildcard
>> certificate (and a client supporting at least one '*' wildcard.) And to
>> be more precise, it works even without any valid 'cn' as long as the
>> client processes https without taking care of the certificate (useless
>> and bad, but possible.)
>>
>> I asked because I would like to know if it's fine to configure the
>> server as shown in my original message.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server  
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


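Added example (not part of the original message and not Apache httpd code): a Python check of which ServerName values a certificate name covers, using the *.mydomain.com certificate and the two virtual hosts from the message above. The bare-domain and two-level names are constructed to show where the wildcard stops matching, the function names are hypothetical, and the matching rule is the common one where '*' stands for exactly one left-most label.

```python
# Added example: which ServerName values does a certificate name cover?
# Assumed matching rule (the common one, as in RFC 6125): '*' is accepted
# only as the whole left-most label and stands for exactly one label.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if certificate name `pattern` covers hostname `host`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Policy of this example: a wildcard must leave at least two
        # fixed labels, so "*.com" never matches anything.
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_vhosts(cert_names, server_names):
    """List the ServerName values a client would flag as a name mismatch."""
    return [h for h in server_names
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample data: the certificate and vhosts from the thread, plus
# two hypothetical names added to show where a wildcard stops matching.
CERT_NAMES = ["*.mydomain.com"]
SERVER_NAMES = [
    "www.mydomain.com",
    "www2.mydomain.com",
    "mydomain.com",           # hypothetical: bare domain
    "shop.eu.mydomain.com",   # hypothetical: two labels below the wildcard
]

if __name__ == "__main__":
    missing = uncovered_vhosts(CERT_NAMES, SERVER_NAMES)
    for host in SERVER_NAMES:
        status = "NAME MISMATCH" if host in missing else "covered"
        print(f"{host:24} {status}")
```

Any ServerName reported as a mismatch here is one where a browser would show the "certificate not issued for this host" warning described in the quoted reply.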

