Hi Gary,

The crux of your question (if I read it correctly) is about what
the SSL cert is supposed to match. The cert matches the server name
specified in the ServerName directive for the specified virtual host... DNS
(other than leading a browser to your IP address) has nothing to do with it.
SSL uses the host header info to send the browser to the right virtual host.

I have never seen anything saying it's the web hosting service's
responsibility to get you the correct certificate, although I'm sure some
hosting firms will do this for you. As long as you know how to make your
cert correctly, and have access to what you need access to on the web
server, you can do it yourself without too much heartache.

Synopsis: Tie the cert to the name of the site ("first.mydomain.com") not
to the DNS info.

-----Original Message-----
From: Gary Algier [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 10:25 AM
To: modssl-users
Subject: SSL Certs and IP-Based Virtual Hosting
I am trying to figure out to what an SSL Certificate is tied. Is it
the value of ServerName or the canonical name from a reverse DNS
lookup or the forward lookup? Or do all virtual hosts use the same
certificate?
For example:
I want to run multiple virtual servers on a single system:
...
however, let us say that the DNS says:
first.mydomain.com. IN CNAME server.mydomain.com
server.mydomain.com. IN A 192.168.10.1
second.mydomain.com. IN A 192.168.10.2
1.10.168.192.in-addr.arpa. IN PTR server.mydomain.com.
2.10.168.192.in-addr.arpa. IN PTR second.mydomain.com.
...
So, what do I register with the Certificate Authority? If it is
tied to the reverse DNS, would I be better not running the web
server on the main IP address of server.mydomain.com and then put
first.mydomain.com on its own address?
I have seen messages to the effect that if one uses a web hosting
service it is their responsibility to get the certificate as it is
tied to their IP addresses in some way, however this does not make
sense to me in that if I do a forward and reverse lookup of our
company's web server (hosted outside), it looks like it is ours:
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
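
Added example, not part of either message above: the name check a client performs, written in Python and run over the DNS records quoted in the question. The helpers resolve, name_matches and browser_accepts and the certificate name lists are constructed for illustration; the wildcard rule (left-most label only) is the usual convention and goes slightly beyond the single-name case discussed in the thread.

```python
# Added example with constructed data; not code from the thread or from mod_ssl.
# Forward and reverse DNS records as quoted in the question.
DNS = {
    "first.mydomain.com": ("CNAME", "server.mydomain.com"),
    "server.mydomain.com": ("A", "192.168.10.1"),
    "second.mydomain.com": ("A", "192.168.10.2"),
}
PTR = {
    "192.168.10.1": "server.mydomain.com",
    "192.168.10.2": "second.mydomain.com",
}


def resolve(name):
    """Follow CNAMEs until an A record is found; return the IP address."""
    seen = set()
    while True:
        name = name.lower().rstrip(".")
        if name in seen or name not in DNS:
            raise LookupError(f"cannot resolve {name}")
        seen.add(name)
        rtype, value = DNS[name]
        if rtype == "A":
            return value
        name = value  # CNAME: continue with the canonical name


def name_matches(requested, pattern):
    """Compare the requested host name with one name from the certificate.
    A '*' is honoured only as the entire left-most label."""
    req = requested.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(req) != len(pat):
        return False
    if pat[0] == "*" and len(pat) > 2:
        return req[0] != "" and req[1:] == pat[1:]
    return req == pat


def browser_accepts(requested, cert_names):
    """The client compares the name the user asked for, never the PTR name."""
    resolve(requested)  # DNS only has to lead the client to an address
    return any(name_matches(requested, n) for n in cert_names)
```

A certificate naming first.mydomain.com is accepted for that site even though its address reverse-resolves to server.mydomain.com, while a certificate naming only server.mydomain.com is rejected for it.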