On 2010-05-31 9:31 PM, K Post wrote:
> Oh boy, oh boy. This is not good. I'm thankful that we've had this
> discussion with you Charles as you've helped me find a major
> implementation error on our end!

No worries - I like being challenged, because it makes sure I understand something correctly, and if not, I get rid of bad information... :)

> If we use the wildcard option with 3 hosts, they'll all use the same
> certificate and as long as it's within the same domain name, we
> should be ok. For IE on XP, the first virtual host will be the one
> providing the certificate, but after that the correct virtual host
> will be used for the https session itself. This is just my theory.
> We'll see.
>
> To reiterate - OUR CURRENT SETUP DOES NOT WORK for all browsers.

Ok... well, I was already aware of SNI and its limitations, so it's good to know I wasn't totally missing something obvious... ;)

Here is a link to a simple method to accomplish SSL vhosting on a single IP, with different (commercial if desired) certs for each host, and no cert warnings if you are using any wildcard and/or self-signed certs, and it works with pretty much all browsers out there:

http://www.wesayso.net

There are a few caveats though...

1. Only one host can use the default port 443, the rest are redirected to a non-standard port of your choosing (can all be the same port, or a different one for each if you want).

2. The hosts on the different port(s) all get redirected automatically, so there is no need to require the visitor to manually add the port.

The biggest downside is, the visitor must go to/bookmark the NON-SSL URL, in order to be redirected correctly. If they bookmark the SSL page, they will be redirected to a custom error page that explains what they did wrong (you customize this yourself, of course).

Of course, for everything to work right, you must set it all up correctly - but if I can do it, an Apache veteran should have no trouble... ;)

-- 
Best regards,

Charles
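An added sketch of the port layout described in the message above (not taken from the message or from the linked site): Apache picks the certificate by IP and port before it ever sees a Host header, so giving each SSL host its own port lets each present its own certificate to clients that send no SNI. The hostnames, ports and file paths are placeholders, and the custom error page for bookmarked SSL URLs is not covered.

```apache
# Assumed placeholder names: a.example.com, b.example.com, ports 443/8443,
# and the certificate paths below. Apache 2.2 additionally needs
# "NameVirtualHost *:80" for the two plain-HTTP hosts.
Listen 80
Listen 443
Listen 8443 https

# Plain-HTTP entry points: visitors bookmark these and are sent to the
# right SSL port automatically, so they never type the port themselves.
<VirtualHost *:80>
    ServerName a.example.com
    Redirect permanent / https://a.example.com/
</VirtualHost>

<VirtualHost *:80>
    ServerName b.example.com
    Redirect permanent / https://b.example.com:8443/
</VirtualHost>

# The one host allowed on the default SSL port.
<VirtualHost *:443>
    ServerName a.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/a.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/a.example.com.key
    DocumentRoot /var/www/a
</VirtualHost>

# Second host on its own port: the port alone selects this vhost during
# the TLS handshake, so its certificate is served even without SNI.
<VirtualHost *:8443>
    ServerName b.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/b.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/b.example.com.key
    DocumentRoot /var/www/b
</VirtualHost>
```

Which certificate each port actually serves to a client that sends no server name can be checked with `openssl s_client -connect b.example.com:8443 -noservername` (OpenSSL 1.1.1 or later).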
