hi,

>> I am trying to set two name-based Secured Virtual Hosts under one httpd
>> daemon as follows:
>
>This is not a bug in mod_ssl or Apache itself. It's a basic problem with HTTP
>over SSL (=HTTPS). You can't use (or under certain circumstances at least only
>use one) name-based virtual hosts in conjunction with SSL. You have to use
>IP-based virtual hosts.

there's one alternative, not a very elegant one, but maybe
more suitable than using ip-based vhosts: use different ports
for all secured vhosts (i.e. 444, 445, ...) and set up an explanatory
page and/or redirection rules under the _default_:443 vhost entry.

most users normally don't go directly to the secure address but
click on some "follow this link to secure your connection" link
on your unsecure pages, which then just has to point to the proper
port (i.e. https://...:444/...).

of course, users trying to connect directly to your secure vhost
by typing in just the standard https://.../ without any specific
port will get that ssl cert error message. when accepting the (not
matching) _default_ certificate, they can be shown a page containing
the list of secure vhost links with proper ports.

it's also possible to use some mod_rewrite conditions and rules to
automatically redirect those users trying to connect on port 443
directly to the right port, but you've still got the "host name
doesn't match cert" problem on the first attempt to connect.

in other words: if you can live with breaking the "port 443 rule",
you can stick to name-based vhosts. otherwise you'll have to buy
some more ip addresses for your server.

regards,
michael balzer


______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
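
The layout described in the message above, as an added configuration sketch that is not part of the original post or of the mod_ssl distribution. The host names (shop.example.com, mail.example.com), the port assignments and all file paths are placeholders, and mod_ssl and mod_rewrite are assumed to be loaded.

```apache
# Constructed example: host names, ports and paths are placeholders.
Listen 443
Listen 444
Listen 445

# Catch-all on the standard port. The certificate is presented during the
# SSL handshake, before the Host header is read, so it cannot match every
# name: clients arriving here see the name-mismatch warning first and are
# only redirected after accepting it.
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    /path/to/default.crt
    SSLCertificateKeyFile /path/to/default.key
    # Explanatory page listing the secure vhost links with their ports.
    DocumentRoot /path/to/default-site

    RewriteEngine On
    # Send each known host name to the port that carries its own certificate.
    RewriteCond %{HTTP_HOST} ^shop\.example\.com(:443)?$ [NC]
    RewriteRule ^/(.*)$ https://shop.example.com:444/$1 [R,L]
    RewriteCond %{HTTP_HOST} ^mail\.example\.com(:443)?$ [NC]
    RewriteRule ^/(.*)$ https://mail.example.com:445/$1 [R,L]
</VirtualHost>

# One secured vhost per port, so each port serves exactly one certificate
# and the certificate always matches the host name in the link.
<VirtualHost *:444>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/shop.crt
    SSLCertificateKeyFile /path/to/shop.key
    DocumentRoot /path/to/shop-site
</VirtualHost>

<VirtualHost *:445>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/mail.crt
    SSLCertificateKeyFile /path/to/mail.key
    DocumentRoot /path/to/mail-site
</VirtualHost>
```

Links on the unsecured pages then point straight at https://shop.example.com:444/ and https://mail.example.com:445/, so the catch-all vhost is only reached by clients that type the bare https:// address.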
