Date: Fri, 2 Jan 2004 20:19:59 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Marius Kirschner <marius@agoron.net> Cc: 'FreeBSD Questions' <freebsd-questions@freebsd.org> Subject: Re: Changing Apache Message-ID: <20040102201959.GA33318@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <200401022003.i02K3ewd033257@smtp.infracaninophile.co.uk> References: <20040102184635.GA32364@happy-idiot-talk.infracaninophile.co.uk> <200401022003.i02K3ewd033257@smtp.infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 02, 2004 at 03:03:39PM -0500, Marius Kirschner wrote: > > > Also, if I get a certificate for www.whatever.com will I be able to= =20 > > > refer to it via http:// and https://? > >=20 > > Well, ish. When you compile the port, you will be given the=20 > > option to generate several flavours of test key. These will=20 > > permit the HTTPS server to work, but visitors will get=20 > > pop-ups all the time warning that your site isn't trusted. =20 > > You will have to generate a .csr (Certificate Signing=20 > > Request) and send it off to one of the CAs to get it signed=20 > > by a recognised key, and then everything will work smoothly. >=20 > Well, I realize I need to get an "official" certificate to avoid those > annoying pop-ups, but what I'm not sure about is whether I can go with a > cert for www.whatever.com and use that for my https pages, or if I need to > get a cert for something like secure.whatever.com and use that for https > while the www.whatever.com will remain strictly http? >=20 > I guess what I'm asking is, in the httpd.conf can I have 1 entry for the > same virtualhost - one for port 80 and the other for 443? Yes, you can have both http://www.example.com/ and https://www.example.com/ simultaneously on the same server -- these can have entirely separate content or can have exactly the same. Or you can have separate virtual hosts with distinct names for HTTP and HTTPS services. Just make sure that the DN (Distinguished Name) in the certificate you generate matches whatever you call your HTTPS server. Also, if you need more than one HTTPS virtual host on your machine, be aware that you will need separate IP for each HTTPS vhost. (It's a catch 22 -- with Name Virtual Hosts the appropriate virtual host name is selected using a field in the HTTP packet, but with HTTPS you need to know which vhost the packet is intended for so that you can decode it and work out which vhost the packet is for... Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --UugvWAfsgieZRqgk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQE/9dJvdtESqEQa7a0RAi4VAJ4hBt3m3ImqzeWhNYAAMX0roZF3TgCcD9uo I4ZG4skP9rec0rW+5abgkSk= =TKv4 -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040102201959.GA33318>