httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Axel-Stéphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] Multiple SSL enabled Virtual Servers and mod_rewrite
Date Tue, 22 Mar 2005 08:25:33 GMT
You can very well have several SSL virtual hosts. What does not work is several Named Virtual
Hosts listening on the same SSL address/port.

The problem is that the Host header is passed to the web server after the SSL handshake has
taken place. Therefore, at the time the handshake takes place, the Apache server does not
know the ServerName referred by the client.

-ascs

-----Message d'origine-----
De : Diego M. Vadell [mailto:dvadell@lantech.com.ar] 
Envoyé : mercredi 16 mars 2005 15:09
À : users@httpd.apache.org
Objet : [users@httpd] Multiple SSL enabled Virtual Servers and mod_rewrite

Hi,
   Im a bit confused with multiple virtual hosts with SSL. Clearly you cannot use multiple
<VirtualHost> with SSL, but I dont undestand *why*. I googled for it, but I still dont
understand. 
   I know that, by protocol design, https can deal with one certificate per IP/port . Client
and server will exchange certificates before the client sends the request (I apologize for
my lack of knowledge and vocabulary), so there is no way to avoid having a popup warning about
the domain name mismatch if I want to make two SSL-enabled virtual hosts. But I noticed that
even working with https, the HTTP_HOST variable is set independent from the servername in
the SSL VirtualHost. 
    So I wrote a couple of mod_rewrite rules , put them into the SSL Virtualhost, and now
I can browse https://domain1.com/  and https://domain2.com/ and it will serve different pages,
the same as with VirtualHost (in fact, the mod_rewrite rules are not others than the "VirtualHosts
without VirtualHosts" example in mod_rewrite's documentation).
    My questions: Is there any other better way of doing this? What are the drawbacks? Any
comments? Im a bit lost in not finding an answer to a useful thing like SSL-enabled virtual
host (or alike).
   BTW, I know I will have the warning about the certificate name mismatch, I just find useful
to have the HTTP traffic encrypted. 

Looking forward to your answers, and sorry for my English,
 -- Diego.
--
-----
:( >> $$
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message