> -----Original Message-----
> From: David Marshall [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 05, 2002 12:01 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: SSL and vhosts
> 
> 
> Then you are going to continue to get the certificate warnings as the
> certificate will have to be the same for all vhosts. As a result your users
> will have the mismatched host and server complaints. At my shop, we would
> say that is not working :).

Well, that all depends on what one is trying to accomplish -- this case is for a 
known, limited, internal user population.  As I said, the mismatch between host names 
and cert names is expected at this point.  Heck, the cert I am using doesn't match the 
box at all, let alone the vhost name.  This is still a test machine.  My next step 
would be to see if separate certs could be used for separate vhosts and eliminate the 
mismatched name problem.  I haven't decided whether that is even very important for my 
purposes.

What is perplexing to me is not the mismatched names issue, but rather why this works 
at all when everything I have read says it won't.  That is, it won't work at all in 
the sense that the encrypted connection cannot be established because of the sequence 
things are done in the handshake.

> 
> David
> 
> -----Original Message-----
> From: Hunt,Keith A [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 05, 2002 8:53 AM
> To: [EMAIL PROTECTED]
> Subject: RE: SSL and vhosts
> 
> 
> Hmmm.  I am only using a single IP address.  If I was going to use separate
> IP addresses, then I wouldn't be using name-based vhosts.
> 
> > -----Original Message-----
> > From: David Marshall [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, April 05, 2002 11:46 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: SSL and vhosts
> > 
> > 
> > After Apache 1.3.19 (I believe) name-based virtual hosts work with SSL and
> > get the right certificate if
> > 
> > a. each name-based host has a unique IP address
> >    An easy way to do this is to multihome a NIC.
> > b. Traffic for the host comes in with the right IP address
> >    I mention this if you are using firewalls and address translation.
> > c. If using a passphrase, all certificates need to use the same passphrase.
> > 
> > I have been using this with Stronghold 3 build 3014 and higher. Stronghold
> > is Red Hat's Apache/mod_ssl package.
> > 
> > David Marshall
> > 
> > 
> > -----Original Message-----
> > From: Hunt,Keith A [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, April 05, 2002 8:20 AM
> > To: [EMAIL PROTECTED]
> > Subject: SSL and vhosts
> > 
> > 
> > 
> > Please pardon me if this is a dumb question.  I have read that SSL and
> > name-based vhosts cannot be done, yet I set it up and it seems to be working
> > OK, apart from the expected complaints about mismatched host name and server
> > certificate.  Am I missing something?  I am running Apache 1.3.23 and mod_ssl
> > 2.8.7 on Linux.
> > 
> > 
> > Keith Hunt  330.972.2968  [EMAIL PROTECTED]
> > Internet & Server Systems
> > The University of Akron 
> > 
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
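
An added illustration (not part of the thread and not mod_ssl code) of the handshake ordering discussed above, as a simplified model that assumes the server has no way to learn the requested name before it must present a certificate. The addresses, host names and function names are constructed for the example.

```python
# Simplified model (an assumption, not mod_ssl's implementation) of an HTTPS
# server where the certificate is chosen at handshake time from the local
# IP:port alone, and the Host header is only readable once the tunnel is up.

# Constructed sample config, in config-file order: (ip:port, ServerName, cert CN)
VHOSTS = [
    ("192.0.2.10:443", "www.example.test", "www.example.test"),
    ("192.0.2.10:443", "mail.example.test", "mail.example.test"),
    ("192.0.2.11:443", "shop.example.test", "shop.example.test"),
]


def handshake_cert(local_addr):
    """Step 1: only the address is known, so the first vhost on it supplies the cert."""
    for addr, _name, cert_cn in VHOSTS:
        if addr == local_addr:
            return cert_cn
    raise LookupError("no SSL vhost listens on " + local_addr)


def route_request(local_addr, host_header):
    """Step 2: inside the encrypted tunnel, the Host header selects the vhost."""
    candidates = [v for v in VHOSTS if v[0] == local_addr]
    for _addr, name, _cn in candidates:
        if name == host_header:
            return name
    return candidates[0][1]  # unknown name: fall back to the first vhost


def connect(local_addr, requested_host):
    """Run both steps and report what the client would observe."""
    cert_cn = handshake_cert(local_addr)
    served = route_request(local_addr, requested_host)
    return {
        "served_vhost": served,          # content comes from the right vhost
        "cert_cn": cert_cn,              # but the cert was fixed before Host was read
        "name_mismatch": cert_cn != requested_host,
    }


if __name__ == "__main__":
    for addr, host in [("192.0.2.10:443", "www.example.test"),
                       ("192.0.2.10:443", "mail.example.test"),
                       ("192.0.2.11:443", "shop.example.test")]:
        print(host, connect(addr, host))
```

In this model the shared-address vhost is served correctly over an encrypted connection but with the first vhost's certificate, while the vhost on its own address gets its own certificate.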