> -----Original Message----- > From: David Burry [mailto:[EMAIL PROTECTED] > Sent: Montag, 6. März 2006 11:08 > To: [email protected] > Subject: Re: SSL enabled name virtual hosts > > > We use a "wildcard cert" to overcome this situation... the technical > limitation is that all the SSL "hosts" have to end with the > same domain
Absolutely. I've no doubt this indeed works - there is nothing in the protocol to prevent it doing so. How did you get your wildcard cert? Did you buy it? Apparently, the cert sellers (Thwate, Versign etc.) are not too keen on selling wildcards for the simple reason that it reduces the number of certs required (and hence sold) - a bit like the everlasting light bulb... Was that your experience? My understanding is that most people using this solution are using self-signed certs and are in a non-commercial operation. I guess a commercial vendor could use it if they wanted to compartmentalise their trade (eg, books.amazon.com, dvds.amazon.com, software.amazon.com, etc.) Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. PS - as Nick points out, Server Name Indication is also a method to achieve SSL-NBVH but, again, is waiting for browser support (I couldn't get it to work even with Opera 8.5 on XP :-( > (a wildcard cert is bound to our domain, not any individual > host name), > but otherwise we can and do indeed run hundreds (soon to be > thousands) > of customers on their own individual host names under SSL, > all on port > 443 on one instance of apache. Unfortunately we have to do funny > mod_rewrite trickery to simulate NBVH instead of using real > NBVH.... I > suspect it would be a major change in Apache architecture to use real > NBVH in our case (but otherwise, yes, it absolutely could be > technically > possible, given the all-must-be-in-the-same-domain, and must use a > "wildcard cert" limitations). > > Dave > > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.
