Re: [users@httpd] Re: Are multiple <VirtualHost *:80 *:443> ok with wildcard cert ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Actually it is possible since a wildcard certificate is being used

As long as each virtual host is valid for that certificate everything will work.

Example wildcard certificate for *.mydomain.com

and the following virtual hosts

 <VirtualHost *:80 *:443>
	ServerName www.mydomain.com
	...
</VirtualHost>

 <VirtualHost *:80 *:443>
	ServerName www2.mydomain.com
	...
</VirtualHost>


The wildcard certificate is valid for both virtual hosts so this scenario will work


On 16-Mar-06, at 7:48 AM, Markus Mayer wrote:

Hi,

OK, I didn't make my point very well actually. Yes it works even when you have multiple ssl hosts on the same IP. The problem is only one certificate is valid, and the browser will put up a message saying something like the certificate is valid but not issued for this host. This is the thing that doesn't work that I was talking about. As for a wildcard certificate, I actually haven't heard of one, which of course doesn't say they don't exist.

So, to answer your question, yes, what you have will run, but it doesn't
really make much sence, especially if you have to provide a commercial
solution, as I do.

greetings from Austria
Markus

On Thursday 16 March 2006 12:55, Frédéric Jolliton wrote:
Hi Markus,

[..]

Again, there is no problems with this config, but I was just
wondering about its validity.

[..]

Actually, having multiple HTTPS virtual hosts on the same IP address
is not possible becasue of limitations in SSL itself.

Are you sure you read my message in details ? I presented a *working*
configuration (I'm running it on my server.)

It's possible to have several https virtual hosts on the same IP
address (on the same port), as long as the certificate's 'cn' field
match all the corresponding domain names. So you need a wildcard
certificate (and client supporting at least one '*' wildcard.) And to
be more precise, it works even without any valid 'cn' as long as the
client process https without taking care of the certificate (useless
and bad, but possible.)

I asked because I would like to know if it's fine to configure the
server as shown in my original message.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux