Hi Wolfgang, there is a chicken-and-egg problem with name-based virtual hosts and SSL. The SSL connection is established *before* HTTP communication, so the SSL server does not know what Host: HTTP header will be sent in the moment it decides which SSL server certificate to send. So for SSL HTTP servers, each server needs its own IP address, virtual named-based hosts are not possible. There is a solution for this problem, it is a change in the SSL protocol which allows to send host name in the SSL handshake. However it is not supported by all web browsers. For details see http://en.wikipedia.org/wiki/Server_Name_Indication#The_fix In a nutshell, if you want to support MSIE on Windows XP, you cannot use it. I solve this by using one IP address for all SSL servers with the same DNS domain owner, and a SSL server certificate that has all the server names as subjectAltNames. That works for all browsers, but it is some hassle to create a new certificate for all names each time a new SSL server is added. Cheers Martin Dne 21.1.2011 22:18, Wolfgang.Miska@xxxxxxxxxxxx napsal(a):
Hi, I am not too familiar with Apache, so the following message has stumped me. [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) Can somebody explain what that means and what are the consequences? Thanks so much! Wolfgang
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Supercomputing Center Brno Martin Kuba Institute of Computer Science email: makub@xxxxxxxxxxx Masaryk University http://www.ics.muni.cz/~makub/ Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775 --------------------------------------------------------------
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
|