Re: Possible to use pseudo-name based SSL-connections with many SSL hosts in the background?

On Sun, Jan 18, 2009 at 4:59 PM, Carsten Aulbert
<carsten.aulbert@xxxxxxxxxx> wrote:
> Hi all,
>
> Usually it's not possible to use name-based virtual hosts for SSL
> connections since the well known chicken-egg problem (at least if I
> understood the FAQ correctly). My question would be if there is some way
> of "emulating" this if one has a server which uses virtualization to run
> different hosts (or a server running SSL-aware hosts on different ports).

The problem is that you are trying to work around a problem in the
protocol. It is not a limitation of apache that you can't use
namebased virtualhosts with ssl, it's a limitation in the protocol,
and you will encounter this limitation regardless of what you choose
to use to receive the SSL connection.

Whatever it is you use to accept SSL connections with has to decide
which certificate to use, when a connection request arrives. And at
the moment the request arrives all that is known is the IP and port the
other party wants to connect with. SSL certificates are name based.
So unless you have a 1:1 relation between hostnames and IP addresses
you cannot offer whatever it is that you terminate ssl at a way to
find out what the right ssl certificate is.

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
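
The selection problem described in the reply above, modelled as an added example that is not part of the original thread: the server's certificate lookup is keyed on IP and port only, and the client then checks the name in the certificate it receives. The hostnames, addresses and the `Cert`, `handshake` and `audit` names are constructed for illustration.

```python
# Added illustration, not code from the thread or from Apache httpd.
# All hostnames, addresses and certificates are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    name: str  # the hostname this certificate was issued for

def cert_valid_for(cert: Cert, host: str) -> bool:
    """Client-side name check: case-insensitive exact match."""
    return cert.name.lower().rstrip(".") == host.lower().rstrip(".")

def handshake(listeners: dict, dns: dict, host: str) -> bool:
    """Model one connection attempt to `host` on port 443.

    The client resolves the name and connects to ip:443. The server must
    present a certificate at that point, so its lookup takes (ip, port) and
    nothing else; the Host header only arrives after the handshake and is
    deliberately not an input here. Returns True if the client's name
    check on the presented certificate succeeds.
    """
    ip = dns[host]
    cert = listeners[(ip, 443)]        # server side: keyed on ip/port only
    return cert_valid_for(cert, host)  # client side: compare names

def audit(listeners: dict, dns: dict) -> list:
    """Hostnames whose clients would see a certificate name mismatch."""
    return sorted(h for h in dns if not handshake(listeners, dns, h))

# Constructed scenario 1: two hostnames share one address, so the single
# listener can hold only one certificate for both of them.
SHARED_DNS = {"a.example.org": "192.0.2.10", "b.example.org": "192.0.2.10"}
SHARED_LISTENERS = {("192.0.2.10", 443): Cert("a.example.org")}

# Constructed scenario 2: 1:1 relation between hostnames and IP addresses.
DEDICATED_DNS = {"a.example.org": "192.0.2.10", "b.example.org": "192.0.2.11"}
DEDICATED_LISTENERS = {
    ("192.0.2.10", 443): Cert("a.example.org"),
    ("192.0.2.11", 443): Cert("b.example.org"),
}

if __name__ == "__main__":
    print("shared IP, mismatches:", audit(SHARED_LISTENERS, SHARED_DNS))
    print("one IP per name, mismatches:",
          audit(DEDICATED_LISTENERS, DEDICATED_DNS))
```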

