On 2010-05-26 10:14 AM, K Post wrote:
> On Wed, May 26, 2010 at 6:53 AM, Charles Marcus wrote:
>> It is a myth that you cannot do name-based virtual SSL hosting on a
>> single IP... it is actually very simple (at least on linux), but the
>> apache guys don't want you to know about it, because there is a downside
>> - you do lose the 'auth' aspect to SSL (so you wouldn't want to host a
>> commercial shopping cart system this way), but not the 'secure' aspect.

> What's the downside of having a single IP apache server running
> virtual name based SSL servers? We run three like this:
>
> https://one.domain.org/
> https://two.domain2.org/
> https://three.domain3.org/
>
> they all use the same external IP.

Most people do not know that you can do this, because the official
Apache docs say you can't:

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2

and most web docs mindlessly regurgitate it.

> I didn't understand what you meant by losing the "auth" aspect to
> SSL. What is the "auth" aspect? Thanks.

Sure - there are two distinct purposes for using encryption on the web:

1. Providing means to verify that the site using the cert in question is
'authorized' to use it, using 3rd parties (like Verisign); this is highly
desirable for sites hosting secure e-commerce sites, and

2. Encryption to protect the transaction from being snooped.

Using self-signed certs is not a good idea for the first purpose, but
perfectly fine for the second.

--
Best regards,

Charles

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
