httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kuba <ma...@ics.muni.cz>
Subject Re: [users@httpd] mod_ssl and virtual host
Date Fri, 28 Jan 2011 07:37:49 GMT
Dne 28.1.2011 02:51, bfree@free-man.net napsal(a):
> The certificate is not trusted because it is self-signed.
> The certificate is only valid for free-man.net
>
> what am I doing wrong?

You can not use name-based virtual hosts for SSL if your Apache is older than 2.2.12
or your OpenSSL does not support SNI or the client is MSIE on Windows XP.

In other words, you need a separate IP address for each SSL certificate,
because the SSL connection is established before the HTTP connection takes place
and the server does not know which certificate to choose.

See
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
http://en.wikipedia.org/wiki/Server_Name_Indication

Use IP-based virtual hosts instead.

Cheers

Martin
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email: makub@ics.muni.cz
Masaryk University             http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
--------------------------------------------------------------


Mime
View raw message