httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank Gingras <francois.ging...@gmail.com>
Subject Re: [users@httpd] Idea for SSL with name-based Vhosts using two servers, mod_rewrite, and mod_proxy
Date Thu, 08 Jan 2009 15:06:57 GMT
Bruno - e-comBR wrote:
> 2009/1/8 Brian Mearns <mearns.b@gmail.com>
>
>   
>> On Thu, Jan 8, 2009 at 9:23 AM, Eric Covener <covener@gmail.com> wrote:
>>     
>>> On Thu, Jan 8, 2009 at 8:45 AM, Brian Mearns <mearns.b@gmail.com> wrote:
>>>       
>>>> Is that possible if I want to serve both secure and unsecure (80 and
>>>> 443)? If I just setup my root configuration (i.e., not in a vhost) to
>>>> listen on port 80 and 443 and turn on the SSL engine, then all the
>>>> content will be encrypted, won't it?
>>>>         
>>> No, you can turn on SSL in a single virtualhost (<virtualhost *:443>)
>>> and serve non-SSL from either the "base" server or another virtual
>>> host (<virtualhost *:80>)
>>>       
>
> It's nice. I've been setup today two HTTPS connections with the same
> certificates, using two hosts. But I don't care so much because we use it
> just for encryption.
>
> But I just ask: how apache "knows" what's the right private key without the
> performance cost of loading/trying each key?? Remembering that before
> decrypting it apache don't know what's the right vhost
>
>
>   
>> As I thought. So it looks like I'm falling back to my original
>> solution of using two servers and proxy rewrites...
>>
>> Thanks,
>> Brian
>>
>> --
>>
>> Feel free to contact me using PGP Encryption:
>> Key Id: 0x3AA70848
>> Available from: http://pgp.mit.edu/
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>     
>
>
>   
In a scenario where you have two vhosts on *:443, apache will serve the 
certificate from the first vhost for both sites, therefore generating a 
SSL certificate mismatch if a client were to request content from the 
second vhost, and so on.

Frank.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message