Date: Fri, 30 Apr 2004 12:26:14 +0100 (BST)
From: Jan Grant
To: Remko Lodder
cc: David Banning
cc: Dick Davies
cc: FreeBSD Questions
Subject: Re: two domain names - one IP - both SSL

On Fri, 30 Apr 2004, Remko Lodder wrote:

> Dick Davies wrote:
>
> > * David Banning [0421 06:21]:
> >
> >>I am wondering how I could run SSL on two different domain names
> >>using just one IP address.
> >>
> >>I am using virtual hosting with apache.
> >>
> >>Is that possible?
> >
> >
> > No.
>
> Can someone explain to me then, that I had different https sites?
> covering IDS networks/ mail networks etc?
>
> I did that with :443>
>
> Now then, that tended to work..

Your HTTP client is broken and isn't checking SSL certificates correctly?
Or you didn't meet the "one IP" requirement of the original poster. Or
you served up the same SSL certificate for every vhost.

HTTPS establishes an SSL connection with the server prior to _any_ HTTP
conversation. Since SSL requires a certificate which is linked to the
server host name, and the virtual host name hasn't been transmitted by
the client yet, there's no way short of ESP for the server to tell which
SSL certificate to use.

There's a detailed explanation on the apache website; but this isn't an
apache failing so much as a general issue with HTTP/SSL.

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
Political talk? / What is said can be unsaid / with good old BS -- ASCII haiku
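
The order of events described in the reply above, as a small added model that is not part of the original message and does not perform real TLS: the certificate is chosen from the socket address alone, and the virtual host name only appears afterwards. All host names, addresses and certificate contents are constructed, and the shared certificate is assumed to name both hosts.

```python
# Added model of the HTTPS event order; not real TLS. All names, addresses and
# certificates below are constructed for illustration.

def pick_cert(certs_by_addr, ip, port):
    # Handshake time: the server knows only the socket address the client
    # connected to. No Host: header exists yet, so it cannot be a lookup key.
    return certs_by_addr[(ip, port)]

def name_matches(cert_names, hostname):
    # Client-side check: the name in the URL must be one the certificate names.
    return hostname.lower() in {n.lower() for n in cert_names}

def https_get(certs_by_addr, dns, hostname, verify=True):
    ip = dns[hostname]                          # 1. resolve the name
    cert = pick_cert(certs_by_addr, ip, 443)    # 2. SSL handshake, cert is fixed
    if verify and not name_matches(cert, hostname):
        return "certificate name mismatch"      # 3. a correct client stops here
    return "Host: " + hostname                  # 4. vhost name is sent only now

def scenarios():
    a, b = "www.site-a.example", "www.site-b.example"
    one_ip = {a: "192.0.2.10", b: "192.0.2.10"}
    two_ips = {a: "192.0.2.10", b: "192.0.2.11"}
    cert_a_only = {("192.0.2.10", 443): (a,)}
    cert_per_ip = {("192.0.2.10", 443): (a,), ("192.0.2.11", 443): (b,)}
    shared_cert = {("192.0.2.10", 443): (a, b)}  # assumption: names both hosts
    return {
        # The original poster's setup: one IP, a client that checks names.
        "one_ip_site_a": https_get(cert_a_only, one_ip, a),
        "one_ip_site_b": https_get(cert_a_only, one_ip, b),
        # The three ways it can appear to work, per the reply:
        "client_not_checking": https_get(cert_a_only, one_ip, b, verify=False),
        "not_one_ip": https_get(cert_per_ip, two_ips, b),
        "same_cert_every_vhost": https_get(shared_cert, one_ip, b),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} {result}")
```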