Then it seems I will have to find our more about the wildcard certificates, maybe they will save me some work.... On Thursday 16 March 2006 15:49, Ryan McDonald wrote: > Actually it is possible since a wildcard certificate is being used > > As long as each virtual host is valid for that certificate everything > will work. > > Example wildcard certificate for *.mydomain.com > > and the following virtual hosts > > <VirtualHost *:80 *:443> > ServerName www.mydomain.com > ... > </VirtualHost> > > <VirtualHost *:80 *:443> > ServerName www2.mydomain.com > ... > </VirtualHost> > > > The wildcard certificate is valid for both virtual hosts so this > scenario will work > > On 16-Mar-06, at 7:48 AM, Markus Mayer wrote: > > Hi, > > > > OK, I didn't make my point very well actually. Yes it works even > > when you > > have multiple ssl hosts on the same IP. The problem is only one > > certificate > > is valid, and the browser will put up a message saying something > > like the > > certificate is valid but not issued for this host. This is the > > thing that > > doesn't work that I was talking about. As for a wildcard > > certificate, I > > actually haven't heard of one, which of course doesn't say they > > don't exist. > > > > So, to answer your question, yes, what you have will run, but it > > doesn't > > really make much sence, especially if you have to provide a commercial > > solution, as I do. > > > > greetings from Austria > > Markus > > > > On Thursday 16 March 2006 12:55, Frédéric Jolliton wrote: > >> Hi Markus, > >> > >> [..] > >> > >>>> Again, there is no problems with this config, but I was just > >>>> wondering about its validity. > >> > >> [..] > >> > >>> Actually, having multiple HTTPS virtual hosts on the same IP address > >>> is not possible becasue of limitations in SSL itself. > >> > >> Are you sure you read my message in details ? I presented a *working* > >> configuration (I'm running it on my server.) > >> > >> It's possible to have several https virtual hosts on the same IP > >> address (on the same port), as long as the certificate's 'cn' field > >> match all the corresponding domain names. So you need a wildcard > >> certificate (and client supporting at least one '*' wildcard.) And to > >> be more precise, it works even without any valid 'cn' as long as the > >> client process https without taking care of the certificate (useless > >> and bad, but possible.) > >> > >> I asked because I would like to know if it's fine to configure the > >> server as shown in my original message. > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server > > Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|