I can't recall where it is documented, but if I recall, the problem with using
name-based hosting (multiple sites sharing an IP address, differentiated by
name) in this case is that for name-based hosting to work, the browser sends a
line in the request that specifies which host it is requesting. The problem is
that the connection is encrypted before this information comes across, rather
than after, and the web server would be unable to decrypt without knowing which
certificate to use, so the first certificate is used. (I think I saw this
originally on this list, so you might check the list's archives.)

-Albert C.

christopher hamilton wrote:

> I'm sure this is documented somewhere, but I am unable to find it. I have
> two IP-based vhosts, which I have configured for SSL. The problem is: once a
> "SSL-enabled" IP-based vhost has been defined, further
> SSLCertificate(Key)File directives are ignored. The result is: regardless of
> which site I hit, only the first certificate/key defined is presented.
>
> This is an example of the two vhost defs I'm using:
>
> <IfDefine HAVE_SSL>
> <VirtualHost 1.2.3.4:443>
>
>     ServerAdmin     [EMAIL PROTECTED]
>     ServerName      www.vhost.com
>     ServerAlias     www.vhost.com
>
>     DocumentRoot    /var/www/html/vhost
>
>     SSLEngine on
>     SSLCertificateFile      /etc/httpd/conf/ssl.crt/www.vhost.com.crt
>     SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/www.vhost.com.key
>
> </VirtualHost>
>
> <VirtualHost 1.2.3.4:443>
>
>     ServerAdmin     [EMAIL PROTECTED]
>     ServerName      www-two.vhost.com
>     ServerAlias     www-two.vhost.com
>
>     DocumentRoot    /var/www/html/vhost-two
>
>     SSLEngine on
>     SSLCertificateFile      /etc/httpd/conf/ssl.crt/www-two.vhost.com.crt
>     SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/www-two.vhost.com.key
>
> </VirtualHost>
> </IfDefine>
>
> I don't mind RTFM, but in this case, I could not find the FM.
>
> Thanks,
> Chris
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
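
An added example, not part of the original thread or of mod_ssl: a small Python check that scans an Apache configuration for SSL-enabled vhosts sharing one address:port with different certificates, the situation the reply describes. It assumes the first vhost defined for an address supplies the certificate, as reported above. The function names and the third vhost in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first two vhosts mirror the quoted configuration.
SAMPLE_CONF = """\
<VirtualHost 1.2.3.4:443>
    ServerName      www.vhost.com
    SSLEngine on
    SSLCertificateFile      /etc/httpd/conf/ssl.crt/www.vhost.com.crt
</VirtualHost>
<VirtualHost 1.2.3.4:443>
    ServerName      www-two.vhost.com
    SSLEngine on
    SSLCertificateFile      /etc/httpd/conf/ssl.crt/www-two.vhost.com.crt
</VirtualHost>
<VirtualHost 1.2.3.5:443>
    ServerName      www-three.vhost.com
    SSLEngine on
    SSLCertificateFile      /etc/httpd/conf/ssl.crt/www-three.vhost.com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def parse_ssl_vhosts(conf):
    """Yield (address, server_name, cert_path) for each SSL-enabled vhost."""
    for m in VHOST_RE.finditer(conf):
        body = m.group(2)
        if (directive(body, "SSLEngine") or "").lower() == "on":
            for addr in m.group(1).split():
                yield addr, directive(body, "ServerName"), directive(body, "SSLCertificateFile")

def shadowed_certificates(conf):
    """Map address -> [(name, cert)] of vhosts whose certificate is never presented."""
    by_addr = defaultdict(list)
    for addr, name, cert in parse_ssl_vhosts(conf):
        by_addr[addr].append((name, cert))
    # Assumption from the thread: the first vhost on an address wins.
    return {addr: [h for h in hosts[1:] if h[1] != hosts[0][1]]
            for addr, hosts in by_addr.items()
            if any(h[1] != hosts[0][1] for h in hosts[1:])}

if __name__ == "__main__":
    print(shadowed_certificates(SAMPLE_CONF))
```

Each reported entry is a site that would be served with another site's certificate; a vhost on its own address, like the constructed third one, is not flagged.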
