Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 89938 invoked from network); 7 Jun 2007 19:50:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 7 Jun 2007 19:50:21 -0000 Received: (qmail 45116 invoked by uid 500); 7 Jun 2007 19:50:13 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 44842 invoked by uid 500); 7 Jun 2007 19:50:12 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 44831 invoked by uid 99); 7 Jun 2007 19:50:12 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jun 2007 12:50:12 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of jslive@gmail.com designates 64.233.162.230 as permitted sender) Received: from [64.233.162.230] (HELO nz-out-0506.google.com) (64.233.162.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jun 2007 12:50:07 -0700 Received: by nz-out-0506.google.com with SMTP id v1so602443nzb for ; Thu, 07 Jun 2007 12:49:46 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=TefjvBy+Ir0SOuSYlCOIhfAv4aZmICsEwHyZw4E0AsFGO11E8FR/AKmZZUB8x04o/4HWMx8eEdAurzS4pr0cegj1U0o23NrOUXFaoOi1XsN8R96lviWueeHQLkKM+QjAdngEBeIMDWNbQdpzOX7ihARKMcg6IKRoXN4X1W5ZL2s= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Tw/XvwpOy13wHpCPN15EjruAWp8D6WcGM8tzKynJUj1D+pA9wFRW7X5BNG5YEbREmv7jeTxeiXl/VbIXxTk9H9q6KOdU6T3zJACgaQ9rNfdrSwp2Koy/YK4Bx2TioIxPcOrZLVXOGFvT/+B0oCkIsqtoCkQylmgr/ReTmTpho0c= Received: by 10.114.89.1 with SMTP id m1mr1826488wab.1181245783467; Thu, 07 Jun 2007 12:49:43 -0700 (PDT) Received: by 10.114.53.4 with HTTP; Thu, 7 Jun 2007 12:49:43 -0700 (PDT) Message-ID: Date: Thu, 7 Jun 2007 15:49:43 -0400 From: "Joshua Slive" Sender: jslive@gmail.com To: users@httpd.apache.org, Apache@pointpub.net In-Reply-To: <46685F61.5090704@PointPub.NET> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <46685F61.5090704@PointPub.NET> X-Google-Sender-Auth: 49c3a2ef71daaffb X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] VHOST and SSL On 6/7/07, Sebastien Roy wrote: > Hi folks, > > We are running Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b DAV/2 > PHP/5.1.4 and everything is working perfectly except one thing and I'm > sure it's a configuration problem. We have some domains that have SSL > certificate and some not. My problem is very simple, what i'm doing > wrong if every vhost works using https and use the same certificate. > What I need is that for exemple https://www.mydomain.com works with > mydomain.com certificate but that https://www.myotherdom.com is not > answering 'cause the SSL is only applied to mydomain.com! > > Right now every vhost is answering to SSL request. The config looks > like that: You can't have one name "not answer", because apache doesn't know the name until after it has already done the SSL negotiation. (The name is carried in the HTTP Host request header which is part of the encrypted content. This is the same reason you can't do name-based virtual hosts with SSL.) You can use mod_rewrite to return forbidden errors to certain hostnames. (You can even, notwithstanding what I just wrote, use name-based virtual hosts with identical ssl configuration to capture and deny the bad names.) You will still get certificate warnings on the bad names, of course. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org