I think the bigger issue is that you certificate will be for 1 FQDN i.e. sample.com and hitting with any other FQDN will pop up a window saying the certificate and servername don't match. ~Jet -----Original Message----- From: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] On Behalf Of Joshua Slive Sent: Thursday, March 27, 2008 12:16 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: using non-standard SSL ports On Thu, Mar 27, 2008 at 12:02 PM, John Almberg <jalmberg@xxxxxxxxxxx> wrote: > I run a web server with a bunch of websites, all of which need an SSL > connection. Instead of buying a big block of new IP addresses, I'm > thinking of running the SSL virtual hosts on non-standard ports, like > 444, 445, etc. (just an example... I'd probably use a higher set of > numbers.) > Why don't you see more SSL addresses like this? Why shouldn't I do this? I'm not really an expert in this, but I'd say the reasons are: 1. Corporate firewall rules that block everything but 80 and 443. 2. Some users (smart ones) will take a careful look at the browser's location bar before trusting an SSL site. Seeing a non-standard port may give them doubts. (For example, perhaps a hacker broke into the server and setup a site to steal info on a high-numbered port.) I don't have any data to say whether these are serious problems or not. Technically, your solution will work fine. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx ---------- Learn more about Chase Paymentech Solutions,LLC payment processing services at www.chasepaymentech.com. THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|