From owner-freebsd-questions@FreeBSD.ORG  Fri Jan  2 12:20:40 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 03B2E16A4CE
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Jan 2004 12:20:40 -0800 (PST)
Received: from smtp.infracaninophile.co.uk
	(happy-idiot-talk.infracaninophile.co.uk [81.2.69.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CF55E43D2D
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Jan 2004 12:20:33 -0800 (PST)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1])
	i02KJxwd033440
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 2 Jan 2004 20:20:01 GMT
	(envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk)
Received: (from matthew@localhost)id i02KJxvd033439;
	Fri, 2 Jan 2004 20:19:59 GMT	(envelope-from matthew)
Date: Fri, 2 Jan 2004 20:19:59 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Marius Kirschner <marius@agoron.net>
Message-ID: <20040102201959.GA33318@happy-idiot-talk.infracaninophile.co.uk>
Mail-Followup-To: Matthew Seaman <m.seaman@infracaninophile.co.uk>,
	Marius Kirschner <marius@agoron.net>,
	'FreeBSD Questions' <freebsd-questions@freebsd.org>
References: <20040102184635.GA32364@happy-idiot-talk.infracaninophile.co.uk>
	<200401022003.i02K3ewd033257@smtp.infracaninophile.co.uk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk"
Content-Disposition: inline
In-Reply-To: <200401022003.i02K3ewd033257@smtp.infracaninophile.co.uk>
User-Agent: Mutt/1.5.5.1i
X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.61
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
	happy-idiot-talk.infracaninophile.co.uk
cc: 'FreeBSD Questions' <freebsd-questions@freebsd.org>
Subject: Re: Changing Apache
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jan 2004 20:20:40 -0000


--UugvWAfsgieZRqgk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 02, 2004 at 03:03:39PM -0500, Marius Kirschner wrote:
> > > Also, if I get a certificate for www.whatever.com will I be able to=
=20
> > > refer to it via http:// and https://?
> >=20
> > Well, ish.  When you compile the port, you will be given the=20
> > option to generate several flavours of test key.  These will=20
> > permit the HTTPS server to work, but visitors will get=20
> > pop-ups all the time warning that your site isn't trusted. =20
> > You will have to generate a .csr (Certificate Signing=20
> > Request) and send it off to one of the CAs to get it signed=20
> > by a recognised key, and then everything will work smoothly.
>=20
> Well, I realize I need to get an "official" certificate to avoid those
> annoying pop-ups, but what I'm not sure about is whether I can go with a
> cert for www.whatever.com and use that for my https pages, or if I need to
> get a cert for something like secure.whatever.com and use that for https
> while the www.whatever.com will remain strictly http?
>=20
> I guess what I'm asking is, in the httpd.conf can I have 1 entry for the
> same virtualhost - one for port 80 and the other for 443?

Yes, you can have both http://www.example.com/ and
https://www.example.com/ simultaneously on the same server -- these
can have entirely separate content or can have exactly the same.

Or you can have separate virtual hosts with distinct names for HTTP
and HTTPS services.  Just make sure that the DN (Distinguished Name)
in the certificate you generate matches whatever you call your HTTPS
server.

Also, if you need more than one HTTPS virtual host on your machine, be
aware that you will need separate IP for each HTTPS vhost.  (It's a
catch 22 -- with Name Virtual Hosts the appropriate virtual host name
is selected using a field in the HTTP packet, but with HTTPS you need
to know which vhost the packet is intended for so that you can decode
it and work out which vhost the packet is for...

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--UugvWAfsgieZRqgk
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQE/9dJvdtESqEQa7a0RAi4VAJ4hBt3m3ImqzeWhNYAAMX0roZF3TgCcD9uo
I4ZG4skP9rec0rW+5abgkSk=
=TKv4
-----END PGP SIGNATURE-----

--UugvWAfsgieZRqgk--