Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 87624 invoked from network); 22 Nov 2009 13:08:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 22 Nov 2009 13:08:24 -0000 Received: (qmail 64973 invoked by uid 500); 22 Nov 2009 13:08:21 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 64908 invoked by uid 500); 22 Nov 2009 13:08:21 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 64899 invoked by uid 99); 22 Nov 2009 13:08:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 Nov 2009 13:08:21 +0000 X-ASF-Spam-Status: No, hits=-3.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [131.130.3.115] (HELO grace.univie.ac.at) (131.130.3.115) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 Nov 2009 13:08:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=univie.ac.at; s=rev1; h=Date:From:To:Subject:Message-ID: References:MIME-Version:Content-Type:In-Reply-To; bh=I6t65vvHzR5 bI3Br7TTcubpb3rWVcArkXxahp/4swFI=; b=2BqhZEkr64sFJOjBU1pYLjcxa4T jnmrRxe92667RKSP0bKsLaw0wI6G4y+dbyiH4VztsjTMynnC7wpmxCCVx7uHBgor 9gT20odGr3LSj9JKVCA81HiYougN7TfJFSnNY1NaYQkZp5R1wzW/xvjp/12TS497 h63EQjNXzAilV61c= Received: from joan.univie.ac.at ([131.130.3.110] helo=joan.univie.ac.at) by grace.univie.ac.at with esmtp (Exim 4.69) (envelope-from ) id 1NCCAV-0005Xh-80 for users@httpd.apache.org; Sun, 22 Nov 2009 14:07:55 +0100 Received: from [2001:62a:4:202:215:60ff:fe9d:f9ba] (helo=wssp.cc.univie.ac.at) by joan.univie.ac.at with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1NCCAV-0002Nx-6v for users@httpd.apache.org; Sun, 22 Nov 2009 14:07:55 +0100 Received: from peter by wssp.cc.univie.ac.at with local (Exim 4.69) (envelope-from ) id 1NCCAU-00022E-RZ for users@httpd.apache.org; Sun, 22 Nov 2009 14:07:54 +0100 Date: Sun, 22 Nov 2009 14:07:54 +0100 From: Peter Schober To: users@httpd.apache.org Message-ID: <20091122130753.GD6857@wssp.cc.univie.ac.at> Mail-Followup-To: users@httpd.apache.org References: <578971.44101.qm@web23001.mail.ird.yahoo.com> <4df3a1330911210901u389c7775q3771b2dafb459608@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4df3a1330911210901u389c7775q3771b2dafb459608@mail.gmail.com> User-Agent: Mutt Organization: Vienna University Computer Center Subject: Re: [users@httpd] Name virtual hosts and HTTPS * Brian Mearns [2009-11-21 18:02]: > Only the latest Apache (2.2.14) and OpenSSL built with the > tlsextensions options support this. It's case SNI (Server Name > Identification), where the client can send the fully qualified domain > name as part of the handshake process. Without this, the server has no > way knowing which vhost the client is looking for until the > certificate has already been presented (because the Host: HTTP request > header is part of the encrypted payload, which can't be sent until the > client has the cert), so it can't choose SSL options (including the > cert file) based on host name. Or put all vhosts in the certificate (as X.509v3 SubjectAltName extensions) and serve up the same cert on every vhost. How you put these in the CSR is not part of this list and depends on your CA (some require to put all hostnames in the CN, i.e. multi-valued CNs, others require to stick these in the v3 extension.) -peter --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org