Hello, On 08.12.2010 13:45, Tom Evans wrote:
.. but at this point apache knows that there is something wrong with the request or the configuration, and should throw an error instead of serving the wrong data.Typically, you don't even get to that point. Most browsers will throw a fit if they request www.hostb.com and are served certificates for www.hosta.com.
And the experienced user has seen these warnings often, so he regularly clicked on "I understand the risks" and accepted the ssl session anyway - and it's even wiser in most cases to do because mostly you're better off (in web 2.0 services for example) with an encrypted transfer and non-secure identity than with both non-secure...
The best way to avoid this problem is not dummy vhosts, it is to not serve multiple websites from the same IP ...
In an ideal world, yes.But in this world the number of available IPs is restricted, whereas the quest for new domains seems endless. ".. over 240 Million active and deleted domains in the .com .net .org .biz .info .mobi .asia .ie .eu .de .co.uk Top Level Domains.."
( http://www.hosterstats.com )
... if you intend on handling SSL for any one of those websites and not the others. SSL sites that share a certificate (eg, if you have a wildcard certificate) are fine to share an IP.
If there is exactly one SSL site a wildcard cert is not needed and makes little sense IMHO.
/ Bernd --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|