[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] [Apache - SuSE 8.2 Pro] 2 different WWW virtual hosts, 2 different certs



Hi,

> > AFAIK virtual hosting isnt possible with SSL.
>
> Yes it is, because I'm doing it. You do need a separate IP address per
> cert/host pair, and to be fair, setting it up isn't trivial.
>
> http://httpd.apache.org/docs/vhosts/name-based.html
>
> "Name-based virtual hosting cannot be used with SSL secure servers because
of
> the nature of the SSL protocol."

To be precise: SSL looks up the IP address, connects it and exchanges certs
first. Encryption is done before the "GET" request, so name resolution is
not possible for apache at this time - it has to choose the config by IP and
port. You may specify different ports for each SSL virtual host as well,
instead of using IPs (in most cases they cost money :-) , i. e.

<VirtualHost eth0.ip.address:443>
... certs for host 1
</VirtualHost>
<VirtualHost eth0.ip.address:4443>
... certs for host 3
</VirtualHost>
<VirtualHost eth0.ip.address:44443>
... certs for host 3
</VirtualHost>

and using correct links in your html, this works fine for me.

Ciao,
Dieter

---------------------------------------------------------------
Dieter Kirchner
Systemadministration BUPNET
+49 551 54707 62 D-Goettingen
http://www.bupnet.de
---------------------------------------------------------------


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here