Re: Idea for SSL with name-based Vhosts using two servers, mod_rewrite, and mod_proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Bruno - e-comBR wrote:

2009/1/8 Brian Mearns <mearns.b@xxxxxxxxx>


On Thu, Jan 8, 2009 at 9:23 AM, Eric Covener <covener@xxxxxxxxx> wrote:

On Thu, Jan 8, 2009 at 8:45 AM, Brian Mearns <mearns.b@xxxxxxxxx> wrote:

Is that possible if I want to serve both secure and unsecure (80 and
443)? If I just setup my root configuration (i.e., not in a vhost) to
listen on port 80 and 443 and turn on the SSL engine, then all the
content will be encrypted, won't it?

No, you can turn on SSL in a single virtualhost (<virtualhost *:443>)
and serve non-SSL from either the "base" server or another virtual
host (<virtualhost *:80>)


It's nice. I've been setup today two HTTPS connections with the same
certificates, using two hosts. But I don't care so much because we use it
just for encryption.

But I just ask: how apache "knows" what's the right private key without the
performance cost of loading/trying each key?? Remembering that before
decrypting it apache don't know what's the right vhost



As I thought. So it looks like I'm falling back to my original
solution of using two servers and proxy rewrites...

Thanks,
Brian

--

Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
In a scenario where you have two vhosts on *:443, apache will serve the certificate from the first vhost for both sites, therefore generating a SSL certificate mismatch if a client were to request content from the second vhost, and so on. 

Frank.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux