Re: how to get multiple SSL with name based vhost ?


 



On Tue, Dec 1, 2009 at 5:11 AM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:
> Dear list,
>
> I have multiple name based vhosts on my remote server.  If I follow the
> same configuration for SSL, it does not work. I have not even found any
> code through Google which can do the job.   I have found it is possible
> to define only one name based vhost with SSL support.  Are there any
> tricks to configure multiple vhosts with SSL? Kindly show me the way.

This is probably one of the most asked questions on this list...
For a long time the answer to the problem was "you can't". The problem
is that in order to know from which virtual host to serve content, a
webserver must inspect the "Host" header. This is part of the HTTP
request. However, the SSL handshake takes place before any HTTP request
is initiated. In order to complete the handshake the webserver needs
to know which SSL certificate to use. Since the webserver can't yet
know which virtual host content is being requested from, it uses the
certificate of the first host.
It's really a limit of the protocol, not the server.

However, the latest version of the HTTPS protocol includes SNI, which
permits a client to transmit to the host the name of the virtualhost
it wants to contact during the SSL handshake. So what you need to do
is make sure you have the very latest apache, compiled with the latest
openssl libraries, and use a recent webbrowser. Then you will be able
to do this.

Krist


-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
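
The handshake ordering described in the reply above, as an added example that is not part of the original message: Python's standard ssl module generates a real ClientHello in memory, and a small parser reads the SNI name from it before any HTTP request exists. The vhost names, certificate paths and function names are constructed for illustration.

```python
import ssl

# Constructed vhost table (names and certificate paths are placeholders).
VHOSTS = [("www.example.com", "certs/www.pem"),
          ("shop.example.com", "certs/shop.pem")]

def client_hello(server_hostname=None):
    """Return the first bytes a TLS client sends, generated in memory (no network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_hostname is None:
        ctx.check_hostname = False  # only so a hello without a name can be produced
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the client is now waiting for the server's reply
    return outgoing.read()

def u16(buf, pos):
    return int.from_bytes(buf[pos:pos + 2], "big")

def sni_from_client_hello(data):
    """Extract the server_name extension (type 0) from a ClientHello record."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 5 + 4 + 2 + 32                 # record header, handshake header, version, random
    pos += 1 + data[pos]                 # session_id
    pos += 2 + u16(data, pos)            # cipher_suites
    pos += 1 + data[pos]                 # compression_methods
    if pos + 2 > len(data):
        return None                      # no extensions at all (pre-SNI client)
    end = pos + 2 + u16(data, pos)
    pos += 2
    while pos + 4 <= min(end, len(data)):
        ext_type, ext_len = u16(data, pos), u16(data, pos + 2)
        body = data[pos + 4:pos + 4 + ext_len]
        if ext_type == 0 and len(body) >= 5 and body[2] == 0:   # name_type host_name
            return body[5:5 + u16(body, 3)].decode("ascii")
        pos += 4 + ext_len
    return None

def certificate_for(hello):
    """Choose a certificate before any HTTP request (and Host header) exists."""
    name = sni_from_client_hello(hello)
    for host, cert in VHOSTS:
        if host == name:
            return cert
    return VHOSTS[0][1]                  # no or unknown name: first vhost's certificate
```

The name travels unencrypted in the ClientHello, so it is visible to anyone observing the connection, and a client that sends no name still receives the first vhost's certificate.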


