[thelist] Apache: SSL and Virtual hosts
Phil Turmel
philip at turmel.org
Wed Sep 28 19:38:57 CDT 2005
Frank wrote:
>
> I've finally suceeded in getting SSL to work on my testing machine
> thanks to the following article:
>
> http://www.tek-tips.com/faqs.cfm?fid=4315
>
> -- and of course it wasn't until I had it working that I rememberd that
> <frank smacks his forhead> SSL is dependent on an IP! There's no
> per-virtual-host method of doing SSL.
>
> Well, I want to anyway, and I'm wondering if anyone could offer me any
> interesting work arounds. At the very least I'd be happy if I could
> assign it to one single virtual host. Ideas anyone?
>
>
>
> Frank Marion lists at frankmarion.com Keep the signal high.
>
>
Frank,
There's a solution for you, in particular, because you'll settle for a
single supported host: within the ssl.conf file, have everything (host
name, certificate, doc root) refer to the one host for which you want
ssl support.
In general, ssl won't cooperate in a virtual host environment because
the encryption certificate has to be chosen (for the target host) and
encryption started before the client has a chance to send the HOST:
header. Your browser will then notice the server is using a certificate
from a host other than the one you asked for, and pop up a security
warning. Even the 'www.' prefix has to be present or not exactly as the
encryption certificate says.
Apache has a faq section on this very issue:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
Sorry to dash your hopes.... (Of course, if the apache docs are wrong,
and someone does have a work-around, I'd love to hear it, too.)
Phil
More information about the thelist
mailing list