httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chirouze Olivier" <olivier.chiro...@volvo.com>
Subject RE: [users@httpd] Virtual SSL on one IP?
Date Wed, 28 Feb 2007 09:18:14 GMT
Hi,

I would like to say this different:
Indeed, there is no way to use NAME BASED virtual hosts on the same IP /
Port with different SSL certificates.
However, it is possible to use IP PASED virtual hosts with different SSL
certificates => they will have to be on different Ips or different
ports.

Also, something that is never said, probably because it's not officialy
supported: it is possible to use "dirty" name based virtual hosts with
the _SAME_ SSL certificate (at least with Apache 2.0).

As said previously, the server name is also encrypted. But it seems like
Apache uses the first SSL certificate it founds (the first
SSLCertificateFile directive), whatever the servername. Once the SSL
handshake has been done, name based virtual hosts work just like with
non-SSL vhosts. Obviously, this will only work with "wildcard"
certificates. You'll have to share the same "*.mydomain.com" certificate
for all your "servername1.mydomain.com", "servername2.mydomain.com"
dirty name based virtual hosts.
If you want to use this alternative, I suggest including a .conf file in
each of your <VirtualHost> directives. This .conf file will contain only
SSLCertificateFile directive to show that all your virtual hosts use the
same file and that you can't change one without affecting the others...

So, in a word, you can use name based virtual hosts with a wildcard SSL
certificate, all the "non-SSL" directives will work as expected on your
virtual hosts.

This is not a very clean alternative, but that can prove very useful
when you don't have plenty of IPs...

Olivier

Olivier CHIROUZE
I&0 Infrastructure
Volvo Information Technology
 

> -----Original Message-----
> From: Gonzalez, Miguel [mailto:miguel.gonzalez@threespot.com] 
> Sent: 27 February 2007 18:27
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Virtual SSL on one IP?
> 
> There is no way to use virtual host on the same secure port, you will
> need to use different ports. It is a question that the servername is
> also encrypted so there is no way to use virtualhosting
> 
> Miguel
> 
> > -----Original Message-----
> > From: Marc Perkel [mailto:marc@perkel.com]
> > Sent: Tuesday, February 27, 2007 12:25 PM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Virtual SSL on one IP?
> > 
> > Is there a way to run multiple virtual sites on one IP 
> using different
> > certificates? Apache 2.2
> > 
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message