Date:      Fri, 30 Apr 2004 14:30:34 -0600
From:      "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: two domain names - one IP - both SSL
Message-ID:  <3B91A035-9AE5-11D8-97F0-003065A70D30@shire.net>
In-Reply-To: <4092B268.1010307@elvandar.org>
References:  <20040430051944.GA28108@skytrackercanada.com> <20040430103917.GA7205@lb.tenfour> <409232EE.6020800@elvandar.org> <Pine.GSO.4.58.0404301222110.23544@mail.ilrt.bris.ac.uk> <4092B268.1010307@elvandar.org>


On Apr 30, 2004, at 2:09 PM, Remko Lodder wrote:

> Heya,
>
>> Your HTTP client is broken and isn't checking SSL certificates
>> correctly? Or you didn't meet the "one IP" requirement of the original
>> poster. Or you served up the same SSL certificate for every vhost.
>
> Well, it's not a real cert. Indeed, I cannot afford that, and true,
> it's the same certificate for every vhost I used.
>
>> HTTPS establishes an SSL connection with the server prior to _any_
>> HTTP conversation. Since SSL requires a certificate which is linked
>> to the server host name, and the virtual host name hasn't been
>> transmitted by the client yet, there's no way short of ESP for the
>> server to tell which SSL certificate to use. There's a detailed
>> explanation on the apache website; but this isn't an apache failing
>> so much as a general issue with HTTP/SSL.
>
> Well, I keep wondering then how I got my secure webmail online, secure
> IDS viewing etc. (different hostnames on the same IP address, (I only
> have one IP addr)).
>

Your client is not checking or is set to ignore certificate problems, 
or you could have a wildcard certificate that will match any hosts in 
the domain name... (But wildcard certs are generally expensive so I 
doubt that).  A wildcard cert for *.yourdomain.com would match  
webmail.yourdomain.com and www.yourdomain.com equally...

Chad
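
Added example, not part of the original message: a minimal Python sketch of the host name check a client applies to the one certificate a single-IP server presents, using the common rule that a wildcard stands for exactly one left-most label. The function names and the vhosts other than www/webmail.yourdomain.com are constructed for illustration.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (possibly a wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels or "*" in hostname:
        return False
    first, rest = p_labels[0], p_labels[1:]
    if first == "*":
        # Require two fixed labels after the wildcard so "*.com" never matches.
        return len(rest) >= 2 and "*" not in "".join(rest) and rest == h_labels[1:]
    # Partial or misplaced wildcards are rejected (a conservative choice here);
    # everything else must match exactly.
    return "*" not in pattern and p_labels == h_labels


def cert_covers(cert_names, hostname):
    """True if any name in the certificate covers the requested host."""
    return any(name_matches(n, hostname) for n in cert_names)


def audit_vhosts(cert_names, vhosts):
    """Map each vhost on the shared IP to whether the single certificate covers it."""
    return {v: cert_covers(cert_names, v) for v in vhosts}


# Constructed sample data: one certificate served for every vhost on the IP.
WILDCARD_CERT = ["*.yourdomain.com"]
SINGLE_CERT = ["www.yourdomain.com"]
VHOSTS = [
    "www.yourdomain.com",
    "webmail.yourdomain.com",
    "yourdomain.com",               # apex: not covered by the wildcard
    "ids.internal.yourdomain.com",  # two labels deep: not covered
    "www.otherdomain.com",          # different domain: never covered
]

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("single", SINGLE_CERT)):
        print(label, names)
        for vhost, ok in audit_vhosts(names, VHOSTS).items():
            print(f"  {vhost:30} {'match' if ok else 'MISMATCH (client should warn)'}")
```

A vhost reported as a mismatch only "works" when the client skips or ignores this check, which is the situation described above.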


