It's clear! Thanks a lot!

David.

On Tue, 11 Nov 2008 00:17:51 -0500, solprovider@xxxxxxxxxx wrote:
> 1. SSL allows one certificate per port/IP Address.
> 2. Only one server (protocol) can run on each port/IP Address. You
> cannot use HTTP and HTTPS on the same port/IP Address. HTTP and HTTPS
> are distinct protocols. Imagine running SMTP and HTTP servers on the
> same port. That one server software installation (e.g. Apache httpd)
> can handle more than one protocol (FTP, HTTP, HTTPS, LDAP, etc.) does
> not allow breaking this rule.
> 3. You cannot use multiple SSL certificates for virtual hosts on one
> port/IP Address. Assigning an SSL certificate to a virtual server must
> specify a distinct port -- VirtualHost * will not work.
>
> See:
> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutconfig
> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
>
> The summary is HTTPS encryption must be negotiated before the server
> reads the request. If the port allows HTTP (unencrypted) sessions,
> the SSL negotiation will not happen. If an HTTPS request is
> attempted, browsers try to negotiate encryption and the connection
> fails.
>
> Yes, SSL for HTTPS was designed poorly. TLS/SNI tries to fix these
> issues, but requires ubiquitous browser and server support -- unlikely
> for several years.
>
> Today, the only solution is to use a distinct port or IP Address for
> each SSL certificate/HTTPS server. I recommend using separate IP
> Addresses to avoid port numbers in URLs.
>
> Sorry,
> solprovider
>
> On 11/9/08, David BERCOT <debian@xxxxxxxxxx> wrote:
> > I'm new on this list and this is my first message. So, a little
> > presentation: I'm French, I work on Debian and I have a
> > problem ;-)
> >
> > On my server, I can only use port 80, for http and https access.
> > So, here is my /etc/apache2/sites-available/default file:
> >
> > ServerAdmin me@xxxxxxxxxxxxx
> > <Directory />
> >     Options FollowSymLinks
> >     AllowOverride AuthConfig
> > </Directory>
> > ErrorLog /var/log/apache2/error.log
> > # Possible values include: debug, info, notice, warn, error, crit,
> > # alert, emerg.
> > LogLevel warn
> > CustomLog /var/log/apache2/access.log combined
> > ServerSignature On
> > NameVirtualHost *
> > <VirtualHost *>
> >     ServerName site1.mydomaine.org
> >     DocumentRoot /site1
> > </VirtualHost>
> >
> > <VirtualHost *>
> >     ServerName site2.mydomaine.org
> >     DocumentRoot /site2
> > </VirtualHost>
> >
> > <VirtualHost *>
> >     ServerName site3.mydomaine.org
> >     DocumentRoot /site3
> >     SSLEngine on
> >     SSLCertificateFile /ssl/site3.cert
> >     SSLCertificateKeyFile /ssl/site3.key
> > </VirtualHost>
> >
> > If I try https://site3.mydomaine.org:80/, it should work, no?
> > In fact, it is ok for site1 and site2, and for site3, it works
> > only in http!!! It seems it should not work in http, no?
> > If I open (only for tests) the 443 port, it works correctly in
> > https. Do you have any clue?
> >
> > Thanks.
> > David.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.