>>> Allen <[EMAIL PROTECTED]> 08/14/99 10:06PM >>>
>Forgive my jumping in, I'm just trying to figure out the ssl_mod.

No problem.

>You stated that the SSL must be IP based.  What happens if you only
>have one static IP?  Is it possible that several of your virtual hosts
>can use the same certificate?

Two things: Each vhost *must* have its own certificate because the
certificate contains the domain name of the host, and they have to match
or it triggers a security alarm in browsers.  Second, if you only have
one IP, then you can only have one SSL-enabled virtual host.  The reason
for that is that with name-based virtual hosting (where you can have
many domain names share a single IP address), the web server doesn't
find out what virtual host the client wants to request from until the
client tells it in the request headers of the HTTP connection.  That's
great for regular HTTP, no problem.  It's a big problem for SSL-enabled
HTTP, though, because the SSL handshake must take place before the HTTP
dialogue begins.  If multiple ssl-enabled virtual hosts use the same IP
address, then the SSL code won't know which private key/certificate pair
to use when establishing the SSL connection because the HTTP client
hasn't told it yet.  The only way around this would be to have your
SSL-enabled virtual hosts use different port numbers at that one IP
address... but then all your URLs would have to include a port number,
which is rather messy.  It'd work, though.

Hope that helps...
-Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/

Work: (540) 463-8089
Pager: (540) 462-3472
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
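
The constraint described in the reply above, as an added example that is not part of the original message: a Python check that reads an Apache-style configuration and reports SSL-enabled virtual hosts that share one ip:port and therefore cannot present their own certificate. The sample configuration, host names and file paths are constructed, and the rule that the first vhost defined for an address supplies the certificate is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the original message).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/www.example.com.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/shop.example.com.crt
</VirtualHost>
<VirtualHost 192.0.2.10:8443>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/mail.example.com.crt
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+(\S+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of directive `name` in a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts_by_address(conf):
    """Group SSL-enabled vhosts by the ip:port they listen on, in file order."""
    groups = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            groups[addr].append(directive(body, "ServerName"))
    return dict(groups)

def shadowed_ssl_vhosts(conf):
    """Map ip:port -> (vhost whose certificate is served, vhosts shadowed by it).
    Assumes the first vhost defined for an address wins the handshake."""
    groups = ssl_vhosts_by_address(conf)
    return {a: (n[0], n[1:]) for a, n in groups.items() if len(n) > 1}

if __name__ == "__main__":
    for addr, (served, shadowed) in shadowed_ssl_vhosts(SAMPLE_CONF).items():
        print(f"{addr}: {served} certificate is served for {', '.join(shadowed)}")
```

The vhost on port 8443 is not reported because it has its own ip:port, which is the port-number workaround the reply mentions.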
