Mark A. Kruger - CFG wrote:
> Chris,
>
> <ha> You give me too much credit. This is my "pro-bono" box. I set it up
> myself and I can tell you that there's no custom 403.3 setup. The server
> has a single IP and about 5 virtual sites mapped to it. The only one with a
> CERT is "secure.cfwebtools.com". Apparently, since it's the only 443 port
> listening - it gets the SSL traffic by default. It does generate an initial
> error message regarding the CERT not matching the host info.

I hope you are not saying you have multiple ports 443 on that IP and that only one is listening :)

The way I always look at it is that you have 1 port 443 for each IP address. HTTPS traffic goes to that port by default. Normally setting up multiple hosts on 1 IP address is done through host headers. But host headers are part of a page request. And since a page request is encrypted, you need the certificate to decipher the host headers. But if you have multiple certificates, you cannot decipher the host headers *before* you have been able to read them to decide which certificate to use. Hence, 1 certificate for each IP/port combination.

The solution would obviously be to add more IP addresses to be able to use more certificates. (It is also possible to use different ports, like we have "secure.domain" on port 443 for web, "mail.domain" on port 993 for secure mail and "postgresql.domain" on some other port for secure database connections, but I would not do that for a general public website.)

Jochem
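
The constraint described in this message, as an added example that is not part of the original post: a Python check over a list of site bindings that flags any IP/port pair carrying more than one certificate, and every host name on that IP that would be answered with a certificate issued for another name. It models the server as the post describes it, knowing only the destination IP and port when it picks a certificate; the tuple layout, the 192.0.2.x addresses, the example.org/example.net names and the "first bound certificate is served" rule are assumptions.

```python
from collections import defaultdict

# Constructed sample (assumption): (host name, IP, port, certificate subject or None).
# Only secure.cfwebtools.com is from the post; the other names and the IP are placeholders.
SAMPLE = [
    ("secure.cfwebtools.com", "192.0.2.10", 443, "secure.cfwebtools.com"),
    ("www.example.org", "192.0.2.10", 80, None),
    ("blog.example.net", "192.0.2.10", 80, None),
]

def cert_matches(host, subject):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    host, subject = host.lower(), subject.lower()
    if subject.startswith("*."):
        return "." in host and host.split(".", 1)[1] == subject[2:]
    return host == subject

def audit_bindings(bindings):
    """Return (conflicts, mismatches) for a list of site bindings."""
    certs = defaultdict(list)        # (ip, port) -> certificates, in binding order
    hosts_on_ip = defaultdict(set)   # ip -> every host name served from that address
    for host, ip, port, cert in bindings:
        hosts_on_ip[ip].add(host)
        if cert and cert not in certs[(ip, port)]:
            certs[(ip, port)].append(cert)
    # More than one certificate on an endpoint: the host header that would
    # pick between them is still encrypted when the choice has to be made.
    conflicts = {ep: cs for ep, cs in certs.items() if len(cs) > 1}
    mismatches = []
    for (ip, port), cs in certs.items():
        served = cs[0]               # assumption: the first bound certificate is served
        for host in sorted(hosts_on_ip[ip]):
            if not cert_matches(host, served):
                mismatches.append((host, ip, port, served))
    return conflicts, mismatches

if __name__ == "__main__":
    conflicts, mismatches = audit_bindings(SAMPLE)
    for (ip, port), cs in conflicts.items():
        print(f"{ip}:{port} has {len(cs)} certificates: {', '.join(cs)}")
    for host, ip, port, served in mismatches:
        print(f"https://{host}:{port} on {ip} is answered with the certificate for {served}")
```

On the sample, the two sites without a certificate are reported as mismatches on port 443, which corresponds to the certificate warning mentioned in the quoted message.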

