Problem is that if you cannot read the request before the SSL handshake, it means that during the SSL handshake Apache does not know which of the three certificates to present to the client since it has not been able to read the Host header yet. Apache will attribute the request to the first of the virtual hosts that matches the IP address and present the certificate of that one to the client. Therefore you cannot use SSL with Named Virtual Hosts. -ascs -----Message d'origine----- De : Andrea Palmieri [mailto:palmieri@xxxxxx] Envoyé : vendredi 22 avril 2005 14:41 À : users@xxxxxxxxxxxxxxxx Objet : Re: [users@httpd] SSL reverse proxy question You are not mistaken....the three CA certificates would match the three servers name...where is the problem ? Do you have any other idea ? Andrea ----- Original Message ----- From: "David Lang" <dlang@xxxxxxxxxxxx> To: <users@xxxxxxxxxxxxxxxx> Sent: Friday, April 22, 2005 3:03 PM Subject: Re: [users@httpd] SSL reverse proxy question > I didn't think you could use name-based virtual hosts with SSL since the > server cert needs to match the hostname requested and the server won't see > the request until after the SSL session is established (at least with > SSL2/3) > > am I mistaken? > > David Lang > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|