Re: Name-based SSL virtual hosts


 



Hi Martin,

Thanks for the info. Guess I have some reading to do!

My Best!

Wolfgang

Wolfgang Miska
Executive Vice President

GEIGER of Austria, Inc.
38 Pond Lane
P.O. Box 728
Middlebury, VT 05753-0728

(802) 388-3156  (802) 388-9745 Fax

www.geigerofaustria.com


Martin Kuba <makub@xxxxxxxxxxx>
01/24/2011 04:13 AM

Please respond to: users@xxxxxxxxxxxxxxxx
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Name-based SSL virtual hosts





Hi Wolfgang,

there is a chicken-and-egg problem with name-based virtual hosts
and SSL. The SSL connection is established *before* HTTP communication,
so the SSL server does not know what Host: HTTP header will be sent
at the moment it decides which SSL server certificate to send.

So for SSL HTTP servers, each server needs its own IP address;
virtual name-based hosts are not possible.

There is a solution for this problem: a change in the SSL protocol
which allows the host name to be sent in the SSL handshake. However, it is not
supported by all web browsers.

For details see
http://en.wikipedia.org/wiki/Server_Name_Indication#The_fix

In a nutshell, if you want to support MSIE on Windows XP, you cannot use it.

I solve this by using one IP address for all SSL servers with the same DNS domain owner,
and an SSL server certificate that has all the server names as subjectAltNames.
That works for all browsers, but it is some hassle to create a new certificate
for all names each time a new SSL server is added.

Cheers

Martin

On 21.1.2011 22:18, Wolfgang.Miska@xxxxxxxxxxxx wrote:
> Hi,
>
> I am not too familiar with Apache, so the following message has stumped me.
>
> [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
>
> Can somebody explain what that means and what are the consequences?
>
> Thanks so much!
>
>
> Wolfgang


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email: makub@xxxxxxxxxxx
Masaryk University            
http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
--------------------------------------------------------------


