Re: IP-based vhost problems

Wed, 23 May 2001 07:45:35 -0700 

Btw, if you want to know more about this issue, check out the FAQ in the Documents
section on the modssl.org website. The specific item is
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 .

-Albert C.

ACroft wrote:

> I can't recall where it is documented, but if I recall, the problem with using
> name-based hosting (multiple sites sharing an IP address, differentiated by
> name) in this case is that for name-based hosting to work, the browser sends a
> line in the request that specifies which host it is requesting. The problem is
> that the connection is encrypted before this information comes across, rather
> than after, and the web server would be unable to decrypt without knowing which
> certificate to use, so thus the first certificate is used. (I think I saw this
> originally on this list, so you might check the list's archives.)
>
> -Albert C.
>
> christopher hamilton wrote:
>
> > I'm sure this is documented somewhere, but I am unable to find it. I have
> > two IP-based vhosts, which I have configured for SSL. The problem is: once a
> > "SSL-enabled" IP-based vhost has been defined, further
> > SSLCertificate(Key)File directives are ignored. The result is: regardless of
> > which site I hit, only the first certificate/key defined is presented.
> >
> > This is an example of the two vhost defs I'm using:
> >
> > <IfDefine HAVE_SSL>
> > <VirtualHost 1.2.3.4:443>
> >
> >     ServerAdmin     [EMAIL PROTECTED]
> >     ServerName      www.vhost.com
> >     ServerAlias     www.vhost.com
> >
> >     DocumentRoot    /var/www/html/vhost
> >
> >     SSLEngine on
> >     SSLCertificateFile      /etc/httpd/conf/ssl.crt/www.vhost.com.crt
> >     SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/www.vhost.com.key
> >
> > </VirtualHost>
> >
> > <VirtualHost 1.2.3.4:443>
> >
> >     ServerAdmin     [EMAIL PROTECTED]
> >     ServerName      www-two.vhost.com
> >     ServerAlias     www-two.vhost.com
> >
> >     DocumentRoot    /var/www/html/vhost-two
> >
> >     SSLEngine on
> >     SSLCertificateFile      /etc/httpd/conf/ssl.crt/www-two.vhost.com.crt
> >     SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/www-two.vhost.com.key
> >
> > </VirtualHost>
> > </IfDefine>
> >
> > I don't mind RTFM, but in this case, I could not find the FM.
> >
> > Thanks,
> > Chris
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to