httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Are multiple <VirtualHost *:80 *:443> ok with wildcard cert ?
Date Fri, 17 Mar 2006 10:29:02 GMT
> -----Original Message-----
> From: Markus Mayer [mailto:mymaillists@gmx.at] 
> Sent: Freitag, 17. März 2006 11:18
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Are multiple <VirtualHost *:80 
> *:443> ok with wildcard cert ?
> 
> 
> Then it seems I will have to find our more about the wildcard 
> certificates, 

Please do... There is some debate as to whether they are still available and, if so, from
whom. There was a posting a few weeks back from someone who had a commercial wild-card cert
but I can't remember who he got it from. AFAIK, Verisign don't sell them anymore (if they
ever did) but Thwate might be more hopeful...

Good Luck... and post back any results you find. 

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> maybe they will save me some work....
> 
> On Thursday 16 March 2006 15:49, Ryan McDonald wrote:
> > Actually it is possible since a wildcard certificate is being used
> >
> > As long as each virtual host is valid for that certificate 
> everything
> > will work.
> >
> > Example wildcard certificate for *.mydomain.com
> >
> > and the following virtual hosts
> >
> >   <VirtualHost *:80 *:443>
> > 	ServerName www.mydomain.com
> > 	...
> > </VirtualHost>
> >
> >   <VirtualHost *:80 *:443>
> > 	ServerName www2.mydomain.com
> > 	...
> > </VirtualHost>
> >
> >
> > The wildcard certificate is valid for both virtual hosts so this
> > scenario will work
> >
> > On 16-Mar-06, at 7:48 AM, Markus Mayer wrote:
> > > Hi,
> > >
> > > OK, I didn't make my point very well actually.  Yes it works even
> > > when you
> > > have multiple ssl hosts on the same IP.  The problem is only one
> > > certificate
> > > is valid, and the browser will put up a message saying something
> > > like the
> > > certificate is valid but not issued for this host.  This is the
> > > thing that
> > > doesn't work that I was talking about.  As for a wildcard
> > > certificate, I
> > > actually haven't heard of one, which of course doesn't say they
> > > don't exist.
> > >
> > > So, to answer your question, yes, what you have will run, but it
> > > doesn't
> > > really make much sence, especially if you have to provide 
> a commercial
> > > solution, as I do.
> > >
> > > greetings from Austria
> > > Markus
> > >
> > > On Thursday 16 March 2006 12:55, Frédéric Jolliton wrote:
> > >> Hi Markus,
> > >>
> > >> [..]
> > >>
> > >>>> Again, there is no problems with this config, but I was just
> > >>>> wondering about its validity.
> > >>
> > >> [..]
> > >>
> > >>> Actually, having multiple HTTPS virtual hosts on the 
> same IP address
> > >>> is not possible becasue of limitations in SSL itself.
> > >>
> > >> Are you sure you read my message in details ? I 
> presented a *working*
> > >> configuration (I'm running it on my server.)
> > >>
> > >> It's possible to have several https virtual hosts on the same IP
> > >> address (on the same port), as long as the certificate's 
> 'cn' field
> > >> match all the corresponding domain names. So you need a wildcard
> > >> certificate (and client supporting at least one '*' 
> wildcard.) And to
> > >> be more precise, it works even without any valid 'cn' as 
> long as the
> > >> client process https without taking care of the 
> certificate (useless
> > >> and bad, but possible.)
> > >>
> > >> I asked because I would like to know if it's fine to 
> configure the
> > >> server as shown in my original message.
> > >
> > > 
> ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
> > > Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP 
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message