On Thu, Apr 27, 2000 at 03:36:09PM -0600, Bal�zs Nagy wrote:
> Hi,
>
> I'm using Red Hat Secure Server 3.2 (mod_ssl/2.2.8)
> I read the docs and the FAQ. It clearly says that 2.2 can handle multiple
> key/cert combinations.
>
> So I made for each csr a separate key. However, it appears, that as soon as I
> try to have a second key/crt in a VHost, it asks only for the passkey of the
> last VHost, and fails anyway. (FYI, if I put two VHosts with the same key/crt,
> both work - except for the fact that one of the sites has the wrong cert.)
>
You can't do name based virtual hosting with SSL server certs. You need one
ip/port per certificate. The problem is that the Host header (which tells the
server which virtual host you want) is transmitted as part of the HTTP headers,
and they are not sent until after the SSL session has ben set up and the
server cert has been sent.
So basically you need an extra ip for this to work.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
