Ah, ah, ah. I missed that you were talking about using a self signed certificate for this. There's no problem that I know of running named based virtual servers with SSL as long as each certificate comes from a trusted CA.
On Wed, May 26, 2010 at 11:25 AM, Charles Marcus <[email protected]>wrote: > On 2010-05-26 10:14 AM, K Post wrote: > > On Wed, May 26, 2010 at 6:53 AM, Charles Marcus wrote: > >> It is a myth that you cannot do name-based virtual SSL hosting on a > >> single IP... it is actually very simple (at least on linux), but the > >> apache guys don't want you to know about it, because there is a downside > >> - you do lose the 'auth' aspect to SSL (so you wouldn't want to host a > >> commercial shopping cart system this way), but not the 'secure' aspect. > > > What's the downside of having a single IP apache server running > > virtual name based SSL servers? We run three like this: > > > > https://one.domain.org/ > > https://two.domain2.org/ > > https://three.domain3.org/ > > > > they all use the same external IP. > > Most people do not know that you can do this, because t he official > Apache docs say you can't: > > http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2 > > and most web docs mindlessly regurgitate it. > > > I didn't understand what you meant by losing the "auth" aspect to > > SSL. What is the "auth" aspect? Thanks. > > Sure - there are two distinct purposes for using encryption on the web: > > 1. Providing means to verify that the site using the cert in question is > 'authorized' to use it, using 3rd parties (like Verisign) > > this is highly desirable for sites hosting secure e-commerce sites > > and > > 2. Encryption to protect the transaction from being snooped. > > Using self-signed certs is not a good idea for the first purpose, but > perfectly fine for the second. > > -- > > Best regards, > > Charles > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
