Ralph wrote:
Hello list members,
I'm trying to set up an Apache 2 based web server for multiple name based virtual hosts. As it is not possible with mod_ssl to have a seperate SSL certificate file for each virtual host...
Actually, you can, but they have to have separate IP addresses. (Requiring the server host to be multi-homed...)
This is because the software tries to put the link into secure mode BEFORE the client can tell the server WHICH virtual host it is looking for. Since the server doesn't know which virtual host is being requested, it cannot select the correct certificate to present.
However, if each virtual host has a separate IP address, the server knows which one, so it can select the specific certificate for that particular virtual host.
So, our motto is, if you want a secure virtual host, you have to have your own IP address.
---
Even if you could make a certificate with multiple names in it, how do you convince Apache that it belongs to all those virtual hosts?
Can you just put it into every configuration section and have it fall out? How does Apache even decide which configuration section to look in?
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
