httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] VHOST and SSL
Date Thu, 07 Jun 2007 19:49:43 GMT
On 6/7/07, Sebastien Roy <Apache@pointpub.net> wrote:
> Hi folks,
>
> We are running Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b DAV/2
> PHP/5.1.4 and everything is working perfectly except one thing and I'm
> sure it's a configuration problem.  We have some domains that have SSL
> certificate and some not.  My problem is very simple, what i'm doing
> wrong if every vhost works using https and use the same certificate.
> What I need is that for exemple https://www.mydomain.com works with
> mydomain.com certificate but that https://www.myotherdom.com is not
> answering 'cause the SSL is only applied to mydomain.com!
>
> Right now every vhost is answering to SSL request.  The config looks
> like that:

You can't have one name "not answer", because apache doesn't know the
name until after it has already done the SSL negotiation. (The name is
carried in the HTTP Host request header which is part of the encrypted
content. This is the same reason you can't do name-based virtual hosts
with SSL.)

You can use mod_rewrite to return forbidden errors to certain
hostnames. (You can even, notwithstanding what I just wrote, use
name-based virtual hosts with identical ssl configuration to capture
and deny the bad names.) You will still get certificate warnings on
the bad names, of course.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message