Ian C. Blenke wrote:
> On Sun, 2002-10-13 at 10:23, Ronan Heffernan wrote:
>
>> I just converted a single site yesterday into a 2 VirtualHosts as
>>part of a web development project. I have never done this before and my
>>understanding is incomplete, but it works! Rather than using the
>>asterisk as a wildcard for the NameVirtualHost directive, I
>>monkey-see-monkey-do'ed an example that used the actual IP and port.
>>Note: the second NameVirtualHost directive uses port 443 for SSL
>>(https://) and requires a more complex pair of VirtualHost directives
>>that contain information about the SSL certificates and configuration.
>>The names and IP addresses have been changed to protect the poorly
>>secured and administered.
>>
>>NameVirtualHost 192.168.1.1:80
>>NameVirtualHost 192.168.1.1:443
>
>
> Unfortunately, due to the way https is basically HTTP over SSL, there is
> no way for a web browser to identify the site they intend on visiting
> via HTTP headers *before* the SSL keys are exchanged. This means that
> you can have only one cert bound to a particular IP:443 pair. HTTPS
> virtual hosting must continue to be IP based virtual hosting, or you
> must use another port other than 443 on the shared IP. It's a limit of
> the protocol, not of apache.
>
> This means that, while you *can* have virtual name hosted HTTPS sites,
> there can be only on certificate used for all of the sites, effectively
> popping up that nasty little dialog box that tells you the site you're
> trying to connect to has the incorrect "credentials" in the certificate.
> This should affect all but one site, which should continue to work
> perfectly.
>
Thanks for that heads-up. It will certainly become an issue further
down the project road.
--ronan
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:08:09 EDT