On Fri, 12 Jul 2002 07:17:35 -0700 Scott Francis <[EMAIL PROTECTED]> wrote:
> > a different certificate for each site while using one IP address.
> > (Correct me if I'm wrong!)
> According to http://httpd.apache.org/docs/vhosts/name-based.html (thanks
> Gerald), name-based hosting cannot be used with SSL due to the nature of
> the
> SSL protocol.
correct. there's a specific technical problem due to the way that the https
protocol is designed; it's a chicken-and-egg problem.
specifically, name based identification of sites is based on the HTTP host
request-header field. in https, the certificates are processed before the
Host request-header is transmitted; Host is supposed to be inside the
encrypted tunnel.
a different design might have permitted named based https identification of
virtual web site, but they did what they did.
richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
