Date: 04 Jun 2000 12:44:46 -0700 From: EKR <ekr@rtfm.com> To: "Troy Settle" <troy@picus.com> Cc: "Raymundo M. Vega" <RaymundoVega@home.com>, "Doug Barton" <Doug@gorean.org>, <questions@FreeBSD.ORG> Subject: Re: IP vs CNAME Message-ID: <kju2f9dydt.fsf@romeo.rtfm.com> In-Reply-To: "Troy Settle"'s message of "Sun, 4 Jun 2000 11:43:32 -0400" References: <FCEELIAEIIECDGKKJLMIAECJCAAA.troy@picus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Troy Settle" <troy@picus.com> writes: > With name-based virtual hosts, it's sometimes more difficult to track down > problems, and you may be generating additional problems on secure sites > (I'm told this, I don't know from personal experience). Name based virtual hosts will not work with HTTPS. The reason for this is that the SSL handshake must happen before the server sees the "Hosts" header. But the server needs to decide which certificate to present during the handshake. As a consequence, you must use IP-based virtual hosts with HTTPS. The one exception is that you might have a wildcarded certificate that could be used for more than one virtual host. -Ekr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?kju2f9dydt.fsf>