1. SSL allows one certificate per port/IP Address.
2. Only one server (protocol) can run on each port/IP Address. You cannot use HTTP and HTTPS on the same port/IP Address. HTTP and HTTPS are distinct protocols. Imagine running SMTP and HTTP servers on the same port. That one server software installation (e.g. Apache httpd) can handle more than one protocol (FTP, HTTP, HTTPS, LDAP, etc.) does not allow breaking this rule.
3. You cannot use multiple SSL certificates for virtual hosts on one port/IP Address. Assigning an SSL certificate to a virtual server must specify a distinct port -- VirtualHost * will not work.

See:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutconfig
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

The summary is HTTPS encryption must be negotiated before the server reads the request. If the port allows HTTP (unencrypted) sessions, the SSL negotiation will not happen. If an HTTPS request is attempted, browsers try to negotiate encryption and the connection fails.

Yes, SSL for HTTPS was designed poorly. TLS/SNI tries to fix these issues, but requires ubiquitous browser and server support -- unlikely for several years. Today, the only solution is to use a distinct port or IP Address for each SSL certificate/HTTPS server. I recommend using separate IP Addresses to avoid port numbers in URLs.

Sorry,
solprovider

On 11/9/08, David BERCOT <debian@xxxxxxxxxx> wrote:
> I'm new on this list and this is my first message. So, a little
> presentation: I'm French, I work on Debian and I have a problem ;-)
>
> On my server, I can only use port 80, for http and https access. So,
> here is my /etc/apache2/sites-available/default file:
> ServerAdmin me@xxxxxxxxxxxxx
> <Directory />
> Options FollowSymLinks
> AllowOverride AuthConfig
> </Directory>
> ErrorLog /var/log/apache2/error.log
> # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
> LogLevel warn
> CustomLog /var/log/apache2/access.log combined
> ServerSignature On
> NameVirtualHost *
> <VirtualHost *>
> ServerName site1.mydomaine.org
> DocumentRoot /site1
> </VirtualHost>
>
> <VirtualHost *>
> ServerName site2.mydomaine.org
> DocumentRoot /site2
> </VirtualHost>
>
> <VirtualHost *>
> ServerName site3.mydomaine.org
> DocumentRoot /site3
> SSLEngine on
> SSLCertificateFile /ssl/site3.cert
> SSLCertificateKeyFile /ssl/site3.key
> </VirtualHost>
>
> If I try https://site3.mydomaine.org:80/, it should work, no?
> In fact, it is ok for site1 and site2, and for site3, it works only in
> http!!! It seems it should not work in http, no?
> If I open (only for tests) the 443 port, it works correctly in https.
> Do you have any clue?
>
> Thanks.
> David.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
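
What a server can learn from the first bytes of a connection, before it has to send a certificate, as an added example that is not part of the original thread or of Apache's code: it builds a constructed TLS ClientHello and reads the optional SNI extension from it. The function names and sample bytes are assumptions for illustration, and the parser assumes a well-formed ClientHello held in a single record.

```python
import struct

def build_client_hello(server_name=None):
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    exts = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry             # server_name_list
        exts = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)       # client_version, 32-byte random (zeros here)
            + b"\x00"                     # empty session_id
            + b"\x00\x02\x00\x2f"         # one cipher suite
            + b"\x01\x00"                 # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hello = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hello)) + hello  # record type 0x16 = handshake

def classify_first_bytes(data):
    """Return (protocol, hostname) known to the server before it sends a certificate."""
    if data[:1] != b"\x16":
        return ("plaintext", None)        # e.g. "GET / HTTP/1.1": no TLS handshake was started
    p = 5 + 4                             # record header + handshake header
    p += 2 + 32                           # client_version + random
    p += 1 + data[p]                      # session_id
    p += 2 + struct.unpack_from("!H", data, p)[0]   # cipher_suites
    p += 1 + data[p]                      # compression_methods
    if p + 2 > len(data):
        return ("tls", None)              # ClientHello without an extensions block
    end = p + 2 + struct.unpack_from("!H", data, p)[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", data, p)
        p += 4
        if ext_type == 0:                 # server_name: list_len(2) type(1) name_len(2) name
            name_len = struct.unpack_from("!H", data, p + 3)[0]
            return ("tls", data[p + 5:p + 5 + name_len].decode("ascii"))
        p += ext_len
    return ("tls", None)                  # no SNI: only IP address and port identify the site

if __name__ == "__main__":
    http = b"GET / HTTP/1.1\r\nHost: site3.mydomaine.org\r\n\r\n"
    for sample in (http, build_client_hello(), build_client_hello("site3.mydomaine.org")):
        print(classify_first_bytes(sample))
```

In the second sample the Host header of the eventual HTTPS request would travel inside the encrypted stream, so the listening IP address and port are all the server has to choose a certificate by.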