Re: [SLUG] Virtual Hosts on Apache

From: Ian C. Blenke (icblenke@nks.net)
Date: Sun Oct 13 2002 - 19:43:17 EDT


On Sun, 2002-10-13 at 10:23, Ronan Heffernan wrote:
> I just converted a single site yesterday into 2 VirtualHosts as
> part of a web development project. I have never done this before and my
> understanding is incomplete, but it works! Rather than using the
> asterisk as a wildcard for the NameVirtualHost directive, I
> monkey-see-monkey-do'ed an example that used the actual IP and port.
> Note: the second NameVirtualHost directive uses port 443 for SSL
> (https://) and requires a more complex pair of VirtualHost directives
> that contain information about the SSL certificates and configuration.
> The names and IP addresses have been changed to protect the poorly
> secured and administered.
>
> NameVirtualHost 192.168.1.1:80
> NameVirtualHost 192.168.1.1:443

Unfortunately, due to the way https is basically HTTP over SSL, there is
no way for a web browser to identify the site they intend on visiting
via HTTP headers *before* the SSL keys are exchanged. This means that
you can have only one cert bound to a particular IP:443 pair. HTTPS
virtual hosting must continue to be IP based virtual hosting, or you
must use another port other than 443 on the shared IP. It's a limit of
the protocol, not of Apache.

This means that, while you *can* have virtual name hosted HTTPS sites,
there can be only one certificate used for all of the sites, effectively
popping up that nasty little dialog box that tells you the site you're
trying to connect to has the incorrect "credentials" in the certificate.
This should affect all but one site, which should continue to work
perfectly.

- Ian C. Blenke <icblenke@nks.net> <ian@blenke.com>
http://ian.blenke.com
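
The two layouts discussed in this message, side by side, as an added example that is not part of the original post or of either poster's configuration. The second address 192.168.1.2, the hostnames and all file paths are constructed placeholders; only one of the two alternatives would be loaded at a time.

```apache
# Alternative A: name-based HTTPS on one shared IP:443.
# The certificate is selected while the SSL session is being set up,
# before the Host: header is readable, so every name on this IP:port
# is served the certificate of the first VirtualHost listed.
NameVirtualHost 192.168.1.1:443

<VirtualHost 192.168.1.1:443>
    ServerName www.example.com
    DocumentRoot /var/www/example-com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key
</VirtualHost>

<VirtualHost 192.168.1.1:443>
    ServerName shop.example.org
    DocumentRoot /var/www/example-org
    SSLEngine on
    # Content is routed here by Host:, but clients have already been
    # shown www.example.com's certificate and get a name-mismatch warning.
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/shop.example.org.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/shop.example.org.key
</VirtualHost>

# Alternative B: IP-based HTTPS, one address per certificate.
# No NameVirtualHost line for port 443: the destination IP alone
# identifies the site, so the matching certificate can be chosen
# before any HTTP header is seen.
<VirtualHost 192.168.1.1:443>
    ServerName www.example.com
    DocumentRoot /var/www/example-com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key
</VirtualHost>

<VirtualHost 192.168.1.2:443>
    ServerName shop.example.org
    DocumentRoot /var/www/example-org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/shop.example.org.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/shop.example.org.key
</VirtualHost>
```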



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:06:38 EDT