Return-Path: 
 <users-return-85217-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 13421 invoked from network); 8 Jan 2009 15:19:28 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 8 Jan 2009 15:19:28 -0000
Received: (qmail 23677 invoked by uid 500); 8 Jan 2009 15:19:16 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 23652 invoked by uid 500); 8 Jan 2009 15:19:16 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 23617 invoked by uid 99); 8 Jan 2009 15:19:16 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jan 2009 07:19:16 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of mearns.b@gmail.com designates
 72.14.204.168 as permitted sender)
Received: from [72.14.204.168] (HELO qb-out-1314.google.com) (72.14.204.168)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jan 2009 15:19:08 +0000
Received: by qb-out-1314.google.com with SMTP id p4so3534258qba.40
        for <users@httpd.apache.org>; Thu, 08 Jan 2009 07:18:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=yoqwaavFHZKI4RJ9SD94XEKsFrq5275UXH7EB6T/OY0=;
        b=GJPEYbE/OEE3dL6fdRVqqqSn3YIt7vKtiXUkISK7PT8VeqpzeuB8asKHpoDrjP3fGI
         CeDOYTESIQ7mekfeTsI+DADV1iywMMuR8AprO0BuNtJ/9jye3eu/ctS6qYdJz8u+8uwQ
         bQgPB8IM8bNtvGRG9nWPPyeCM90mo6WSzt6a0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=ZLhUEMhMhw1JaztlL/UCNzvnYy7dGVr6pQET+4WrWPmUntwlwJTUztvKZ+86t6dT+S
         ycAyTwzGd+sP7JDF8551oJjRJ2v5lu8GP2uql7G93txHwSZv1YDhbet+NqKIQYlr0k5I
         es6lpIeny6vfx5M1QYhzIsgGsZoDm1mDWO438=
Received: by 10.65.74.16 with SMTP id b16mr16063915qbl.1.1231427927243;
        Thu, 08 Jan 2009 07:18:47 -0800 (PST)
Received: by 10.65.81.7 with HTTP; Thu, 8 Jan 2009 07:18:47 -0800 (PST)
Message-ID: <4df3a1330901080718u519c2c3bk107c4dd3abf5d180@mail.gmail.com>
Date: Thu, 8 Jan 2009 10:18:47 -0500
From: "Brian Mearns" <mearns.b@gmail.com>
To: users@httpd.apache.org
In-Reply-To: <49661691.7000005@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <4df3a1330901070706i3f6094edj7f58fc94dc18b7cf@mail.gmail.com>
	 <4964C68A.70607@onlyforfun.net>
	 <4df3a1330901070727v4aafb56ve64bc436369143b7@mail.gmail.com>
	 <6ed6382b0901072228o53babf05t9a8b7e522f9fdb89@mail.gmail.com>
	 <4df3a1330901080545s5447587dv2180795b16e8df1@mail.gmail.com>
	 <1404e5910901080623p1c240c30xc328ff2a325610a4@mail.gmail.com>
	 <4df3a1330901080629h50efb2ecp9c6332387621ccb7@mail.gmail.com>
	 <d156c41c0901080656x7c97430apd554acb1c4fd2d22@mail.gmail.com>
	 <49661691.7000005@gmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Idea for SSL with name-based Vhosts using two
 servers, mod_rewrite, and mod_proxy

On Thu, Jan 8, 2009 at 10:06 AM, Frank Gingras
<francois.gingras@gmail.com> wrote:
> In a scenario where you have two vhosts on *:443, apache will serve the
> certificate from the first vhost for both sites, therefore generating a SSL
> certificate mismatch if a client were to request content from the second
> vhost, and so on.

Ok, I think that clears it up for me. If, for instance, I have two
sites and I want to serve both on 80 and 443, then I can set up 4
vhosts all together, a pair for each site where one in the pair
listens on 80 and the other listens on 443 with SSL enabled. mod_ssl
will choose the first vhost it finds on 443 and use the certificate
specified there, but once the HTTP is decrypted, Apache will be able
to use the Host header and port to choose the correct vhost. Is that
correct?

I guess my confusion was that I didn't realize the certificate is
picked from one vhost, but the content could still be served from
another.

-Brian

--

Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org