One small comment. I have tried for years to get off this mailing list.
I have sent my request and it has always been effective, for say a month
or so,
then I get put back on the mailing list. And it keeps coming. My
solution was
to add it to my spam filter. It doesn't bother me that way and
occasionally I drop in
to see what the latest complaint is.
In this case I couldn't agree with the message more. Perhaps the tone
is not quite right.
Somebody ought to fix mailing-list software so that once you are off you
are really gone.
It is true that [EMAIL PROTECTED] ought to ask to be taken off the
list; but it won't help much I'm afraid.
BUZ
[EMAIL PROTECTED] wrote:
stop stop sending me
this bs , i have no idea who are you !!!!
stop !!!!!!!!!!!!!!!
-------------- Original message from Dave Paris
<[EMAIL PROTECTED]>: --------------
> It seem like you might be confusing "shared infrastructure" with
> "single ip". As others have said, you need a distinct address
for each
> SSL-enabled httpd or proxy, although they can reside on the same
hardware.
>
> A good example of this is the typical configuration for larger
server
> farms. You find multiple High Availability load balancers in the
DMZ for
> both http and https using something like ha/keepalived for
linux. These
> proxy the incoming request back into private address space. The SSL
> proxies terminate the SSL connection and broker the request on
behalf of
> the user and everything goes to the private address space in
plain http.
> This allows each of the _real_ webservers to achieve better
> performance since the SSL overhead is not present.
>
> While you can use Apache as an SSL-terminating proxy, I find I get
> better performance, lower memory utilization and easier
configuration
> using Pound ( http://www.apsis.ch/pound/ ). Using keepalived, I
have
> multiple public IP addresses floating between several hosts and
pound
> binds https to those addresses.
>
> Hope that adds a bit of additional clarity,
> Dave
>
> Cuesta Gilles sent forth:
> > So what about this ?
> > "*MULTIPLE CN (SAN) SERVER CERTIFICATES*
> >
> > This type of certificate (also called /Subject Alternative
Name/ (SAN) )
> > enables to secure not only one website but a large number of
sites (a
> > list of sites) hosted on a shared infrastructure (server with
multiple
> > names, reverse proxy). Ideal to secure multiple brands of a
corporation.
> > One certificate per hardware is required."
> >
> > http://www.tbs-certificats.com/index.html.en
> >
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager [EMAIL PROTECTED]