httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Di Croce <>
Subject Re: [users@httpd] https problem
Date Tue, 06 Dec 2005 14:41:46 GMT

But why would the URL in the browser not match the name in the SSL cert?
They would match... and are port 80 VH's is a port 443 VH (with SSL certs installed) and https link to, so the users browser URL will change,
and the certs will be registered to So I guess I don't see how
they're getting mismatched?


On 11/24/05, Boyle Owen <> wrote:
> Plain text please...
> Assume you set up two or more name-based VHs on port 80 (plain HTTP). Then
> you set up a single SSL VH on port 443. Now, HTTPS to any domain will go to
> the SSL VH.
> SSL will "work" in that you won't get an error and the session will be
> encrypted but you will get *warnings* that the URL in the browser doesn't
> match the site name in the SSL certificate. This is not very useful for
> e-commerce... (would you type in your credit card number on a site called
> "nice-shop" when the browser was warning you that the cert belonged to
> "nasty-hacker"?)
> If you try to add additional SSL VHs, apache will always use the
> certificate from the first SSL VH to establish a session so you still get
> warnings.
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
> -----Original Message-----
> From: Tony Di Croce []
> Sent: Donnerstag, 24. November 2005 00:43
> To:
> Subject: Re: [users@httpd] https problem
> I assume and resolve to the same IP address.
> If so, https to either domain will go to <IP address>:443.
> Remember that SSL cannot use the Hostname to distinguish sites, so the two
> requests look the same to apache and so you get the first VH on IP:443.
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
> I have been planning to build a server with multiple virtual hosts. The
> idea is that each host could have web stores, but when it came time to
> actually get credit card info, they would forward you to the one host on the
> box that was on port 443 (via an https link)... This page would get the card
> number and process the order... Of course, when they go to this page, the
> domain in the URL in their browser would change... but thats OK...
> This should work, right?
> --
> Free Linux Technical Articles
> Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
> keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail
> is of a private and personal nature. It is not related to the exchange or
> business activities of the SWX Group. Le présent e-mail est un message privé
> et personnel, sans rapport avec l'activité boursière du Groupe SWX.
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission. If
> you receive this message in error, please notify the sender urgently and
> then immediately delete the message and any copies of it from your system.
> Please also immediately destroy any hardcopies of the message. You must not,
> directly or indirectly, use, disclose, distribute, print, or copy any part
> of this message if you are not the intended recipient. The sender's company
> reserves the right to monitor all e-mail communications through their
> networks. Any views expressed in this message are those of the individual
> sender, except where the message states otherwise and the sender is
> authorised to state them to be the views of the sender's company.
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:> for more info.
> To unsubscribe, e-mail:
>    "   from the digest:
> For additional commands, e-mail:

Free Linux Technical Articles

View raw message