SSL and Name-based Virtual Hosting
This is a discussion on SSL and Name-based Virtual Hosting within the Apache Web Server forums, part of the Web Server and Related Forums category; The Apache 2 doc says, you cannot use SSL in combination with Name-based Virtual Hosting, becuase of the nature ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-27-2004
|
|||
|
|||
SSL and Name-based Virtual Hosting
The Apache 2 doc says, you cannot use SSL in combination with
Name-based Virtual Hosting, becuase of the nature of the SSL protocol. However: 1: An interface can have multiple IP addresses (eg. 192.168.0.1 and 192.168.0.2). 2: I can have my local name server attach a unique name to each IP address. so: www.xxx.com can point via-via to 192.168.0.1 www.yyy.com can point to 192.168.0.2 So a packet entering the server can have one of two distinct Destination addresses. Does that mean SSL COULD be used in this set-up for only www.yyy.com and NOT for www.xxx.com, maybe using a special <Directory> block for the SSL site, with the SSL settings ? fr gr Erik |
|
08-27-2004
|
|||
|
|||
|
Re: SSL and Name-based Virtual Hosting
On 2004-08-27, Erik <> wrote:
> The Apache 2 doc says, you cannot use SSL in combination with > Name-based Virtual Hosting No, he doesn't say that. He says that you can't have different certificates. > 2: I can have my local name server attach a unique name to each IP > address. This is not name-based but IP based, is the same as running two differente servers and bind each one with an IP or having two complete separate machines. Davide -- Beifeld's Principle: The probability of a young man meeting a desirable and receptive young female increases by pyramidal progression when he is already in the company of: (1) a date, (2) his wife, (3) a better looking and richer male friend. |
|
08-27-2004
|
|||
|
|||
|
Re: SSL and Name-based Virtual Hosting
>No, he doesn't say that. He says that you can't have different >certificates. > I cut-and-paste from manual/vhosts/name-based.html Some reasons why you might consider using IP-based virtual hosting: 1:Some ancient clients are not compatible with name-based virtual hosting. For name-based virtual hosting to work, the client must send the HTTP Host header. This is required by HTTP/1.1, and is implemented by all modern HTTP/1.0 browsers as an extension. If you need to support obsolete clients and still use name-based virtual hosting, a possible technique is discussed at the end of this document. 2: Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol. 3: Some operating systems and network equipment implement bandwidth management techniques that cannot differentiate between hosts unless they are on separate IP addresses. |
|
08-27-2004
|
|||
|
|||
|
Re: SSL and Name-based Virtual Hosting
Erik wrote:
> The Apache 2 doc says, you cannot use SSL in combination with > Name-based Virtual Hosting, becuase of the nature of the SSL protocol. > > However: > > 1: An interface can have multiple IP addresses (eg. 192.168.0.1 and > 192.168.0.2). Since when can you have multiple IP address for the same network card? I've never heard of that, and I'd actually be interested in it. ....or do you mean the server can have multiple IPs via additional cards? That I've heard about (and have done) before. > 2: I can have my local name server attach a unique name to each IP > address. > so: www.xxx.com can point via-via to 192.168.0.1 > www.yyy.com can point to 192.168.0.2 > > So a packet entering the server can have one of two distinct > Destination addresses. > > Does that mean SSL COULD be used in this set-up for only www.yyy.com > and NOT for www.xxx.com, maybe using a special <Directory> block for > the SSL site, with the SSL settings ? OK, I'm not an apache 2 kind of guy yet... However, at one point I thought I had seen an apache 1.3 SSL server set up to serve different certificates for different domains using name-based VirtualHosts... If this isn't the case, then how to hosts handle multiple customers each with their own SSL cert for their site? -- Justin Koivisto - spam@koivi.com http://www.koivi.com |
|
08-27-2004
|
|||
|
|||
|
Re: SSL and Name-based Virtual Hosting
On 2004-08-27, Justin Koivisto <spam@koivi.com> wrote:
> Since when can you have multiple IP address for the same network card? Since when the network cards were invented. Check the documentation of your OS. > If this isn't the case, then how to hosts handle multiple customers each > with their own SSL cert for their site? Using IP based hosts or multiple machines. Davide -- Every word is like an unnecessary stain on silence and nothingness. -- Beckett |
Linear Mode
