Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 33144 invoked from network); 16 Mar 2006 12:49:26 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 16 Mar 2006 12:49:26 -0000 Received: (qmail 51016 invoked by uid 500); 16 Mar 2006 12:49:16 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 51001 invoked by uid 500); 16 Mar 2006 12:49:16 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 50990 invoked by uid 99); 16 Mar 2006 12:49:16 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Mar 2006 04:49:16 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of mymaillists@gmx.at designates 213.165.64.20 as permitted sender) Received: from [213.165.64.20] (HELO mail.gmx.net) (213.165.64.20) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 16 Mar 2006 04:49:15 -0800 Received: (qmail invoked by alias); 16 Mar 2006 12:48:54 -0000 Received: from bandicoot.cc.meduniwien.ac.at (EHLO bandicoot) [149.148.52.89] by mail.gmx.net (mp023) with SMTP; 16 Mar 2006 13:48:54 +0100 X-Authenticated: #24019945 From: Markus Mayer To: users@httpd.apache.org Date: Thu, 16 Mar 2006 13:48:53 +0100 User-Agent: KMail/1.8.2 References: <868xra3fhe.fsf@mau.intra.tuxee.net> <200603161214.10191.mymaillists@gmx.at> <864q1y38ou.fsf@mau.intra.tuxee.net> In-Reply-To: <864q1y38ou.fsf@mau.intra.tuxee.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200603161348.53419.mymaillists@gmx.at> X-Y-GMX-Trusted: 0 X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Re: Are multiple ok with wildcard cert ? X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Hi, OK, I didn't make my point very well actually. Yes it works even when you= =20 have multiple ssl hosts on the same IP. The problem is only one certificat= e=20 is valid, and the browser will put up a message saying something like the=20 certificate is valid but not issued for this host. This is the thing that= =20 doesn't work that I was talking about. As for a wildcard certificate, I=20 actually haven't heard of one, which of course doesn't say they don't exist. So, to answer your question, yes, what you have will run, but it doesn't=20 really make much sence, especially if you have to provide a commercial=20 solution, as I do. greetings from Austria Markus On Thursday 16 March 2006 12:55, Fr=E9d=E9ric Jolliton wrote: > Hi Markus, > > [..] > > >> Again, there is no problems with this config, but I was just > >> wondering about its validity. > > [..] > > > Actually, having multiple HTTPS virtual hosts on the same IP address > > is not possible becasue of limitations in SSL itself. > > Are you sure you read my message in details ? I presented a *working* > configuration (I'm running it on my server.) > > It's possible to have several https virtual hosts on the same IP > address (on the same port), as long as the certificate's 'cn' field > match all the corresponding domain names. So you need a wildcard > certificate (and client supporting at least one '*' wildcard.) And to > be more precise, it works even without any valid 'cn' as long as the > client process https without taking care of the certificate (useless > and bad, but possible.) > > I asked because I would like to know if it's fine to configure the > server as shown in my original message. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org