Ahhhhhh. This sounds like a plausible explanation. Thanks very much.

Q: what do the Big Guys that host hundreds of virtual e-commerce domains
do about this? I can't figure that they have their machines set up with
150 IP addresses on them, do they?

Randy Lee

Jason Thaxter wrote:
>
> This behavior sounds like you have only one IP address shared among your
> virtual hosts, and I can't tell otherwise from your description.
>
> The FAQ explains why you need separate IPs; basically the certificate
> negotiation takes place BEFORE the HTTP headers pass the Host: line for
> discrimination among virtual hosts that share an IP. If this were not the
> case, the browser headers would be passed in cleartext.
>
> So in your case, the certificate is already cached by your browser, so you
> get the connection, and afterwards, mod_ssl learns that the certificate
> does not match the VirtualHost being suggested by the HTTP headers, then
> displays the correct host to match the certificate.
>
> On Wed, 16 Feb 2000, Randy Lee wrote:
>
> > Didn't get any takers on this so far, so I'll pose the question again
> > and hope to get one this time:
> >
> >
> > -------- Original Message --------
> > Subject: CN not server name
> > Date: Fri, 11 Feb 2000 08:09:10 -0600
> > To: [EMAIL PROTECTED]
> >
> > I've got a problem that I'm not sure is mod_ssl or apache going on here:
> >
> > I have a server named x.dom1.com that is hosting several virtual domains.
> >
> > If I have
> >
> > <VirtualHost IP:443>
> > ServerName x.dom2.com
> > ...
> > </VirtualHost>
> >
> > and I have x.dom2.com in the Thawte cert (test fortunately), life is
> > cool outside of Netscape not knowing about test certs.
> >
> > If I add another virtual host (before this in the list) and hit
> > https://x.dom2.com
> >
> > <VirtualHost IP:443>
> > ServerName x.dom1.com
> > ...
> > </VirtualHost>
> >
> > I get a log error in the x.dom1.com error log that sez
> >
> > [Fri Feb 11 07:54:41 2000] [error] mod_ssl: SSL handshake failed
> > xxx.xxx.xxx, server x.dom1.com:443) (OpenSSL library error follows)
> > [Fri Feb 11 07:54:41 2000] [error] OpenSSL: error:14094412:SSL
> > routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN
> > in certificate not server name!?]
> >
> > but I get all the pages in x.dom2.com
> >
> > I also, then get that the cert was from x.dom1.com when I ask Netscape
> > about this cert being presented.
> >
> > I'm confused. Someone have an antidote?
> >
> > Randy Lee
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
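The behaviour discussed in this thread, as an added example that is not part of the original messages: a small audit that finds SSL virtual hosts whose certificate can never be presented because an earlier virtual host shares the same address and port. It assumes, as the thread describes, that the certificate is chosen from the IP address and port alone and that the first virtual host listed for that address supplies it; the address 192.0.2.10, the certificate paths and the function names are constructed for the illustration.

```python
import re

# Constructed config modelled on the thread; address and cert paths are made up.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName x.dom1.com
    SSLCertificateFile /etc/ssl/dom1.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName x.dom2.com
    SSLCertificateFile /etc/ssl/dom2.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName x.dom3.com
    SSLCertificateFile /etc/ssl/dom3.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(addr:port, ServerName, certificate path)] in config order."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        vhosts.append((addr, name and name.group(1), cert and cert.group(1)))
    return vhosts

def cert_served(vhosts, addr):
    """Handshake-time choice: only addr:port is known, the Host: line is not,
    so the first vhost listed for that address supplies the certificate."""
    for vaddr, name, cert in vhosts:
        if vaddr == addr:
            return name, cert
    return None

def shadowed_vhosts(conf):
    """List (ServerName, addr:port, name on the cert clients actually see)."""
    vhosts = parse_vhosts(conf)
    findings = []
    for addr, name, cert in vhosts:
        first_name, _ = cert_served(vhosts, addr)
        if cert and first_name != name:
            findings.append((name, addr, first_name))
    return findings

if __name__ == "__main__":
    for name, addr, winner in shadowed_vhosts(SAMPLE_CONF):
        print(f"{name} on {addr}: clients get the certificate for {winner}")
```

On the sample, x.dom2.com is flagged because x.dom1.com is listed first on the same address, which matches the certificate Netscape reported in the original post; x.dom3.com has its own address and is not flagged.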