httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruiyuan Jiang <Ruiyuan_Ji...@liz.com>
Subject RE: [users@httpd] Number of https virtual hosts support under v2.0.59
Date Fri, 12 Mar 2010 18:39:45 GMT
Hi, Philip

I don't know how to configure SNI on Apache since I don't see anything from mod_ssl's document
that Krist replied to me before. I assume it automatically works. I just configured ssl virtualhost
the same way as http virtualhost plus ssl's unique requirements.
I use Windows XP. I tested IE 8 with Vista on a MacBook and it works since that is what I
have at the moment.
I was planning to have live sites on the internet by unknown users. Now I guess I need to
have second thought.
I tested on v2.0.59. It needs a lot of IPs for certs that I'd like to migrate to.

Ryan



-----Original Message-----
From: Philip Wigg [mailto:phil@philipwigg.co.uk] 
Sent: Friday, March 12, 2010 11:58 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Number of https virtual hosts support under v2.0.59

On 12 March 2010 16:43, Ruiyuan Jiang <Ruiyuan_Jiang@liz.com> wrote:
> Hi, Krist
>
> I tested with Apache 2.2.15 reverse proxy with two certs on the Apache, one is real cert
and the other is self-signed. The configuration is virtualhosts for ssl.
> The results that I got are:
>
> On PC client:
>
> Firefox v3.5.8 showed correct certs, one real and the other is not.
> IE 8 showed incorrect when I viewed the certs. The self-signed cert site used the real
cert.
>
> On MAC client:
>
> Both Safari 4.0.4 and Firefox 3.5.2 showed correctly, one real and one self-signed cert.
>
> My question is eventually both sites will have real certs when I am done testing. Will
IE 6 and above uses the correct certs or only uses one cert, may be the first virtual host
listed in ssl configuration file of Apache?

Presuming you've configured SNI correctly, what operating system are
you using? Note that SNI only works with IE 7 and 8 only work when
running on Vista or higher, not with Windows XP. IE6 doesn't support
SNI at all and never will to my knowledge.

Are you putting this on a live site to be accessed by unknown users on
the internet? If so, basically, don't. Most users on the internet will
not be running an SNI-capable browser.

-- Phil.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended 
recipient, please notify the sender immediately by 
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message