>>> Allen <[EMAIL PROTECTED]> 08/15/99 09:29AM >>>
>The company I currently host through has SSL for each of the virtual
>hosts. There have thousands of accounts, hard to beleive they would
>have a certificate for each virtual domain.
Well, they do. :) Unless, of course, there is one vhost that does all
the work and as [EMAIL PROTECTED] suggested, the vhosts do SSL
through a common domain like
https://secure.mydomain.com/vhost-subdirectory/
If each domain (www.abc.org, www.def.org, etc) has its own, (ie,
https://www.abc.org and https://www.def.org are valid), then each one
has its own certificate.
>Would one certificate work if the virtual hosts were IP-Based with
(ip
>aliases) virtual ip?
The reason you need multiple certificates is because the domain name is
encoded within the certificate for identity validation purposes.
Therefore, www.abc.org has a certificate that's been signed by a
certificate authority that says the certificate belongs to www.abc.org.
Browsers then check to make sure that the host they contacted
(www.abc.org) is the same as the hostname they found in the
certificate that host sent them. If it doesn't, the host is trying to
masquerade as someone else.
Does that clear it up a little?
-Cliff
Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/
Work: (540) 463-8089
Pager: (540) 462-3472
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
