httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Mearns" <mearn...@gmail.com>
Subject Re: [users@httpd] Idea for SSL with name-based Vhosts using two servers, mod_rewrite, and mod_proxy
Date Thu, 08 Jan 2009 15:18:47 GMT
On Thu, Jan 8, 2009 at 10:06 AM, Frank Gingras
<francois.gingras@gmail.com> wrote:
> In a scenario where you have two vhosts on *:443, apache will serve the
> certificate from the first vhost for both sites, therefore generating a SSL
> certificate mismatch if a client were to request content from the second
> vhost, and so on.

Ok, I think that clears it up for me. If, for instance, I have two
sites and I want to serve both on 80 and 443, then I can set up 4
vhosts all together, a pair for each site where one in the pair
listens on 80 and the other listens on 443 with SSL enabled. mod_ssl
will choose the first vhost it finds on 443 and use the certificate
specified there, but once the HTTP is decrypted, Apache will be able
to use the Host header and port to choose the correct vhost. Is that
correct?

I guess my confusion was that I didn't realize the certificate is
picked from one vhost, but the content could still be served from
another.

-Brian

--

Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message