Re: [users@httpd] Multiple SSL virtual servers on the same IP address and port number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 06.07.06 21:38, James Jacob wrote:
> I'm using Apache HTTP Server (version 2.0.55) for my project. I'm having
> three SSL sites which I run on the same IPaddress, but with different port
> numbers.
>    
> For example say for the ports 443, 444 & 445. 
> The sites I have can be for example, 
> 1) one.xyz.com 
> 2) two.xyz.com
> 3) three.xyz.com
>    
> I have also set re-direction such that if the user types a  http:// site
> it gets redirected to the corresponding https:// site with the required
> port number. However, the issue comes when the user types https:// without
> the required port number, since it goes to the default https:// site.

> Is there any way to add more SSL virtual server sites with the same IP
> address and Port ?  If the user types https://two.xyz.com then it should
> get re-directed to https://two.xyz.com:444 . Rightnow it shows one.xyz.com
> since that site is given with the default port. Any script or something
> which can do the trick could be useful.

I guess you are running different ssl virtual hosts on different ports
because of having different certificates for them.

If user types https://two.xyz.com, (s)he will get message that the certificate
does not match the site (s)hes is trying to access.

This is message that people usually try to avoid, and you will get it even
if you set up another name-based virtual host(s) on the same host/port only
to redirect user to the correct port number.

If you want to avoid this message, I only see these solutions:

- run those hosts on different IP's

- run all those hosts on different port than 443
  (users will need to specify port)

- run 3 name-based virtual hosts on the same IP/port and use wildcard
certificate *.xyz.com there (some companies do not like to sign wildcard
certificates).

-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux