Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (nike.apache.org: local policy)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 27 Mar 2008 13:52:47 -0400
Message-ID: 
 <B4D7D2EA57F44F44BE0DAFA9F97F2FE10F1F57AC@stamexchange2.paymentech.us>
In-Reply-To: <e498c1660803270915l4e81a9a3q10c173a49f013405@mail.gmail.com>
Thread-Topic: [users@httpd] using non-standard SSL ports
Thread-Index: AciQJd+3DKWu4xb8RCu0LarJKibVVQADVMnA
From: "Wilda, Jet" <Jet.Wilda@ChasePaymentech.com>
To: <users@httpd.apache.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [users@httpd] using non-standard SSL ports

I think the bigger issue is that you certificate will be for 1 FQDN i.e.
sample.com and hitting with any other FQDN will pop up a window saying
the certificate and servername don't match.

~Jet

-----Original Message-----
From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua
Slive
Sent: Thursday, March 27, 2008 12:16 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] using non-standard SSL ports

On Thu, Mar 27, 2008 at 12:02 PM, John Almberg <jalmberg@identry.com>
wrote:
> I run a web server with a bunch of websites, all of which need an SSL
>  connection. Instead of buying a big block of new IP addresses, I'm
>  thinking of running the SSL virtual hosts on non-standard ports, like
>  444, 445, etc. (just an example... I'd probably use a higher set of
>  numbers.)

>  Why don't you see more SSL addresses like this? Why shouldn't I do
this?

I'm not really an expert in this, but I'd say the reasons are:

1=2E Corporate firewall rules that block everything but 80 and 443.

2=2E Some users (smart ones) will take a careful look at the browser's
location bar before trusting an SSL site. Seeing a non-standard port
may give them doubts. (For example, perhaps a hacker broke into the
server and setup a site to steal info on a high-numbered port.)

I don't have any data to say whether these are serious problems or
not. Technically, your solution will work fine.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
----------
Learn more about Chase Paymentech Solutions,LLC payment processing services=
 at www.chasepaymentech.com.

THIS MESSAGE IS CONFIDENTIAL.  This e-mail message and any attachments are =
proprietary and confidential information intended only for the use of the r=
ecipient(s) named above.  If you are not the intended recipient, you may no=
t print, distribute, or copy this message or any attachments.  If you have =
received this communication in error, please notify the sender by return e-=
mail and delete this message and any attachments from your computer.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org