two domain names - one IP - both SSL
Chad Leigh -- Shire.Net LLC
chad at shire.net
Fri Apr 30 13:30:39 PDT 2004
On Apr 30, 2004, at 2:09 PM, Remko Lodder wrote:
> Heya,
>
>> Your HTTP client is broken and isn't checking SSL certificates
>> correctly? Or you didn't meet the "one IP" requirement of the original
>> poster. Or you served up the same SSL certificate for every vhost.
>
> Well it's not a real cert. Indeed, I cannot afford that, and true,
> it's the same certificate for every vhost I used.
>
>> HTTPS establishes an SSL connection with the server prior to _any_
>> HTTP conversation. Since SSL requires a certificate which is linked
>> to the server host name, and the virtual host name hasn't been
>> transmitted by the client yet, there's no way short of ESP for the
>> server to tell which SSL certificate to use. There's a detailed
>> explanation on the apache website; but this isn't an apache failing
>> so much as a general issue with HTTP/SSL.
>
> Well, I keep wondering then how I got my secure webmail online, secure
> ids viewing etc. (different hostnames on the same IP address, (I only
> have one IP addr)).
>
Your client is not checking or is set to ignore certificate problems,
or you could have a wildcard certificate that will match any hosts in
the domain name... (But wildcard certs are generally expensive so I
doubt that). A wildcard cert for *.yourdomain.com would match
webmail.yourdomain.com and www.yourdomain.com equally...
Chad
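
The certificate name check discussed in this thread, as an added example that is not part of the original message: it compares a requested host name with the names in a certificate, including the one-label wildcard rule, and shows which name-based vhosts pass when one certificate is served for all of them. The function names and the host list (apart from the two hosts named in the message) are constructed for illustration.

```python
# Added illustration (not from the thread): simplified RFC 6125-style
# matching of a requested hostname against the DNS names in a certificate.
# Function names and the sample host list are constructed for this example.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (possibly a wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if not any("*" in label for label in p_labels):
        return p_labels == h_labels          # plain name: exact match only
    # Accept a wildcard only as the entire leftmost label, with at least two
    # fixed labels after it (so "*.com" or "w*.yourdomain.com" never match).
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # "*" stands for exactly one non-empty label.
    return (len(h_labels) == len(p_labels)
            and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])


def check_vhosts(cert_names, vhosts):
    """For each vhost, report whether a verifying client would accept the cert."""
    return {v: any(name_matches(n, v) for n in cert_names) for v in vhosts}


# Constructed sample: name-based vhosts that all share one IP address.
VHOSTS = [
    "www.yourdomain.com",
    "webmail.yourdomain.com",
    "ids.yourdomain.com",
    "a.b.yourdomain.com",   # two labels deep: not covered by *.yourdomain.com
    "yourdomain.com",       # bare domain: not covered by the wildcard either
]
SINGLE_NAME_CERT = ["www.yourdomain.com"]   # same cert served for every vhost
WILDCARD_CERT = ["*.yourdomain.com"]        # the wildcard case from the message

if __name__ == "__main__":
    for label, names in (("single-name", SINGLE_NAME_CERT),
                         ("wildcard", WILDCARD_CERT)):
        print(label, names)
        for vhost, ok in check_vhosts(names, VHOSTS).items():
            print(f"  {vhost:26} {'accepted' if ok else 'name mismatch'}")
```

A client that reports "name mismatch" for a host and still connects is the "set to ignore certificate problems" case described in the message.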