Hi Graeme,

Graeme Fowler wrote:
> Joseph Mack NA3T wrote:
>> I don't suppose you know if you can run two https sites with
>> the same IP (like you can for http)?
>
> Short answer: no.
>
> Longer answer: no, because the certificate for a connection must be
> chosen before the TLS session is established (the TLS handshake requires
> the certificate and key); only then can the HTTP/1.1 Host: header be
> sent across. This means the certificate must be hard-coded in the config
> of the application providing the TLS environment (Apache, for example,
> puts it into the VirtualHost context).

See my previous email - I *think* it can be done.

>
> Slightly different short answer: you can if you bind the VirtualHost to
> different ports (443 is IANA default for https but you can run it
> *anywhere you want*. Just don't expect the clients to use one that's not
> on port 443 :)

True - we* usually run our https on 8443 and our globus web services on 9443.

*we, being the Open Science Grid and other scientific grid infrastructures
(EGEE, etc.)

>
> Very different answer: you can if you use TLS/SNI. See:
> http://www.rfc-archive.org/getrfc.php?rfc=3546
> This extends the TLS handshake to include several extended attributes,
> among the server_name. Guess what that gets used for?

We use extended attributes for grid job submissions (think geographically
separated batch job submissions to extremely diverse compute resources). We
use the user DN + Virtual Organization and Role extended attributes to map
users to local UIDs for running the jobs.

What purpose are you using extended attributes for?

Cheers,
Dan

--
Dan Yocum
Fermilab 630.840.6509
[EMAIL PROTECTED], http://fermigrid.fnal.gov
Fermilab. Just zeros and ones.