httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] Idea for SSL with name-based Vhosts using two servers, mod_rewrite, and mod_proxy
Date Thu, 08 Jan 2009 18:00:54 GMT
On Thu, Jan 8, 2009 at 9:56 AM, Bruno - e-comBR <bruno@e-combr.com.br> wrote:
>
>
> 2009/1/8 Brian Mearns <mearns.b@gmail.com>
>>
>> On Thu, Jan 8, 2009 at 9:23 AM, Eric Covener <covener@gmail.com> wrote:
>> > On Thu, Jan 8, 2009 at 8:45 AM, Brian Mearns <mearns.b@gmail.com> wrote:
>> >> Is that possible if I want to serve both secure and unsecure (80 and
>> >> 443)? If I just setup my root configuration (i.e., not in a vhost) to
>> >> listen on port 80 and 443 and turn on the SSL engine, then all the
>> >> content will be encrypted, won't it?
>> >
>> > No, you can turn on SSL in a single virtualhost (<virtualhost *:443>)
>> > and serve non-SSL from either the "base" server or another virtual
>> > host (<virtualhost *:80>)
>
> It's nice. I've been setup today two HTTPS connections with the same
> certificates, using two hosts. But I don't care so much because we use it
> just for encryption.
>
> But I just ask: how apache "knows" what's the right private key without the
> performance cost of loading/trying each key?? Remembering that before
> decrypting it apache don't know what's the right vhost


In the case of name-based virtual hosts it doesn't select from them at
all. In the case of distinct ip:port combinations, Apache has been
explicitly directed via the config about which private key is to be
used for each ip:port combination.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message