michael nt milne wrote: > I'd like to implement SSL on the site login etc, as it's not secure > without this. There's also one site I'd like to serve completely over > https. However. I'm told that you can't run SSL on virtual hosts and > can only have once SSL site per IP address.
To vary either IP address or port for different SSL site is a common method and gives you the biggest advantages. Nevetheless, you can host multiple SSL sites on single IP:port combination, provided you share also a single certificate for them. Apache is able to serve one cert for multiple SSL sites. To prevent the annoying client-side dialog box saying the cert is for different domain, your certificate must be a little special. There are 2 ways I'm aware of to manage this: 1) Wildcard certificate, issued for *.domain.com. This way the certificate will match <anything>.domain.com, but <anything> must not contain a dot. Also I'm not sure whether all current browsers support this technique. 2) The subjectAltName capability as described here: http://wiki.cacert.org/wiki/VhostsApache. Note that the CommonName must be repeated as the first subjectAltName, since it's ignored afterwards. I'm currently on my way to test the second way for my sites, but preliminary tests went well. -- \//\/\ (Sometimes credited as BA92 C339 6DD2 51F6 BACB 4C1B 5470 360E 20E5 926D.) [ When you find a virus in mail from me, then I intended to infect you, ] [ since I use SW that is not distributing malware w/o my knowledge. ]
begin:vcard fn:Vlada Macek n:Macek;Vlada adr:;;;Liberec;;;Czech Republic email;internet:[EMAIL PROTECTED] title:UNIX Admin && Developer tel;cell:+420 608 978 164 x-mozilla-html:FALSE version:2.1 end:vcard
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )