Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "CommonMisconfigurations" page has been changed by TomChiverton: https://wiki.apache.org/httpd/CommonMisconfigurations?action=diff&rev1=11&rev2=12 Comment: SNI is widely deployed, make this section less scary as named based SSL will work for the vast majority of users # SSL options, other options, and stuff defined here. </VirtualHost> }}} + See [[NameBasedSSLVHostsWithSNI]] for a detailed discussion, but in general most web browsers will work correctly with the above setup, historically Windows XP was the major operating system it would cause issues with. + - Because of the nature of SSL, host information isn't used when ''establishing'' an SSL connection. Apache will always use the certificate of the default virtual host, which is the first defined virtual host for name-based virtual hosts. While this doesn't mean that you won't ever be able to access the second virtual host, it does mean your users will always get a certificate mismatch warning when trying to access some.domain2.com. Read more about this at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2 Also, note that the configuration above isn't something someone would normally use for SSL, which requires a static, non-shared IP address -- !NameVirtualHost 127.124.3.53:80 is a more likely format. However, using !NameVirtualHost *:443 is common in howtos for Debian/Ubuntu.<<BR>><<BR>> + When clients without SNI attempt to connect host information isn't used so Apache will always use the certificate of the default virtual host, which is the first defined virtual host for name-based virtual hosts. This means your users will get a certificate mismatch warning when trying to access some.domain2.com. Read more about this at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2 <<BR>>Also, note that the configuration above isn't something someone would normally use for SSL, which requires a static, non-shared IP address -- !NameVirtualHost 127.124.3.53:80 is a more likely format. However, using !NameVirtualHost *:443 is common in howtos for Debian/Ubuntu.<<BR>><<BR>> === Scope === ==== Adding/Restricting access and options in <Directory /> ==== --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
