Ari Moisio wrote:
> I have following setup: Apache-modssl behind firewall. Server has only
> private ip address 192.168.x.x. Firewall masquerades outside ip adress
> when passing thru traffic. Name service maps fqnd of server in
> differrent ip addresses inside and outside of firewall. Http[s] works
> but...
>
> If i obtain a certificate will it work. Should i use internal or
> external ip address when defining virtualhost? What other problems may
> arise due to masquerading?
The SSL server is entirely inside - it doesn't know or care about the
masquerading. You must use the internal IP addresses on the VirtualHosts
since these are the addresses on the packets which apache receives.
However, the certificate should contain the NAME (not the IP number) of
the site. This is because SSL checks the name in the certificate with
the name in the HTTP request
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
