You can very well have several SSL virtual hosts. What does not work is several Named Virtual Hosts listening on the same SSL address/port.
The problem is that the Host header is passed to the web server after the SSL handshake has taken place. Therefore, at the time the handshake takes place, the Apache server does not know the ServerName referred by the client.
-ascs
-----Message d'origine-----
De : Diego M. Vadell [mailto:dvadell@xxxxxxxxxxxxxx]
Envoyé : mercredi 16 mars 2005 15:09
À : users@xxxxxxxxxxxxxxxx
Objet : [users@httpd] Multiple SSL enabled Virtual Servers and mod_rewrite
Hi,
Im a bit confused with multiple virtual hosts with SSL. Clearly you cannot use multiple <VirtualHost> with SSL, but I dont undestand *why*. I googled for it, but I still dont understand.
I know that, by protocol design, https can deal with one certificate per IP/port . Client and server will exchange certificates before the client sends the request (I apologize for my lack of knowledge and vocabulary), so there is no way to avoid having a popup warning about the domain name mismatch if I want to make two SSL-enabled virtual hosts. But I noticed that even working with https, the HTTP_HOST variable is set independent from the servername in the SSL VirtualHost.
So I wrote a couple of mod_rewrite rules , put them into the SSL Virtualhost, and now I can browse https://domain1.com/ and https://domain2.com/ and it will serve different pages, the same as with VirtualHost (in fact, the mod_rewrite rules are not others than the "VirtualHosts without VirtualHosts" example in mod_rewrite's documentation).
My questions: Is there any other better way of doing this? What are the drawbacks? Any comments? Im a bit lost in not finding an answer to a useful thing like SSL-enabled virtual host (or alike).
BTW, I know I will have the warning about the certificate name mismatch, I just find useful to have the HTTP traffic encrypted.
Looking forward to your answers, and sorry for my English,
-- Diego.
--
-----
:( >> $$
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|