Re: how to get multiple SSL with name based vhost ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Krist van Besien wrote:
> On Tue, Dec 1, 2009 at 5:11 AM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:
>   
>> Dear list,
>>
>> I have multiple name based vhost at my remote server.  If I followed the
>> same configuration for SSL and  it does not work. Even not found any
>> code through google which acn do the job.   I have found it is possible
>> to define only one name based vhost with SSL support.  Is there any
>> tricks to configure multiple vhosts with SSL ? Kindly show me the way.
>>     
>
> This is probably one of the most asked question on this list...
> For a long time the answer to the problem was "you can't". The problem
> is that in order to know from which virtual host to serve content a
> webserver must inspect the "host" header. This is part of the http
> request. However the SSL handshake takes place before any http request
> is initiated. In order to complete the handshake the webserver needs
> to know which SSL certificate to use. Since the websever can't yet
> know which virtual host content is being requested from it uses the
> certificate of the first host.
> It's really a limit of the protocol, not the server.
>
> However the latest version of the HTTPS protocol includes SNI, which
> permits a client to transmit to the host the name of the virtualhost
> it wants to contact during the SSL handshake. So what you need to do
> is make sure you have the very latest apache, compiled with the latest
> openssl libraries, and use a recent webbrowser. Than you will be able
> to do this.
>
> Krist
>
>
>   
Hello Krist,

Thanks for your nice explanatory  response.  The server where my apache
is running is based on opensuse 11.0 . Hence I don't think this box can
support SNI. As this is a production server I can't simply upgrade the
box. So I need some other alternative. Thanks to make me familiar with SNI

-- 
জয়দীপ বক্সী


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux