Not true. I have found a method that works perfectly. I have been working on
different methodolgies for sometime and there are two options. The first, I
can speak of. The second involves other corporate incentives and is
proprietary.
The first is you assume all the calls go to port 443. Well, most calls to
ssl cites are programmed in. You don't type them in.
So, you can run apache-ssl with this scenario:
Port 443
Listen 1.2.3.4:444
Listen 1.2.3.4:445
Listen 1.2.3.4:446
Then, Each VH has the same IP with the corresponding port.
Each VH has a different Certificate.
Each VH serves up the correct certificate.
Note, also, the system can run on the NIC's first IP and it works by setting
up multiple IP's on the localhost.
If your interested, I'll post some links to sites that use the same IP but
serve up correct certificates.
----- Original Message -----
From: Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, October 18, 2000 5:04 PM
Subject: RE: SSL + VirtualHost in Apache 1.3.x
> From: Paulo Matos <[EMAIL PROTECTED]>
>
> pjsm> On Wed, 18 Oct 2000, Vadim Fedukovich wrote:
> pjsm>
> pjsm> > I mean, it was answered, on this thread, several days ago.
> pjsm> > To repeat it: ip address is the only way for a webserver
> pjsm> > to choose a certificate/key to use for SSL handshake.
> pjsm> > Usual instrument in plain HTTP, "Host: " header, is available
> pjsm> > only after handshake.
> pjsm> I follow this discussion, but there's something I could not
> pjsm> get. How does the client/server behaves with this scenario:
different
> pjsm> certificates to the same ip, diffrent names to the same ip. Aren't
we
> pjsm> breaking something here?
>
> Well, you're speaking about something that is basically impossible
> with current practices. As far as I understand, it's rather difficult
> to have the server use more than one server certificate...
>
> --
> Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
> Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
> Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
> Software Engineer, Celo Communications: http://www.celocom.com/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
