[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] 2 virtual hosts, 2 certs



Peter van den Heuvel wrote:
AFAIK virtual hosting isnt possible with SSL.


Is correct. Think about it:
1) Open a socket.
2) Negotiate SSL over the socket.
3) Send first HTTP GET/POST over SSL.

During step two the server simply does not know what virtual domain might later be requested in step 3. So you must tie certificates to sockets; either IP's or ports.

Sorry, it is possible.

Tying a cert to an IP doesn't make it impossible. Apache can handle IP-based virtual domains, and can listen on different ports for multiple IP addresses. Linux can easily handle multiple IP addresses on the same NIC. QED, it's possible to host mutliple SSL virtual domains on a single apache daemon, as long as each host has its own unique IP address.

I'm doing it!

Cheers, Laurie.
--
--------------------------------------------------------------------
                               Laurie Brown
                           laurie@xxxxxxxxxxxx
--------------------------------------------------------------------


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here