Re: mod_ssl and virtual host

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dne 28.1.2011 02:51, bfree@xxxxxxxxxxxx napsal(a):

The certificate is not trusted because it is self-signed.
The certificate is only valid for free-man.net

what am I doing wrong?


You can not use name-based virtual hosts for SSL if your Apache is older than 2.2.12
or your OpenSSL does not support SNI or the client is MSIE on Windows XP.

In other words, you need a separate IP address for each SSL certificate,
because the SSL connection is established before the HTTP connection takes place
and the server does not know which certificate to choose.

See
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
http://en.wikipedia.org/wiki/Server_Name_Indication

Use IP-based virtual hosts instead.

Cheers

Martin
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email: makub@xxxxxxxxxxx
Masaryk University             http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
--------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux