On 5/16/07, Hatem Jaber <[EMAIL PROTECTED]> wrote: > Everywhere I read they say that https and "named" virtual hosts are > impossible.
You can use named virtual hosts, but you can only use one *certificate* on the server, so practically speaking all of the other virtual hosts get a certificate mismatch which throws up a scary message to the user (though my understanding is that if the hosts are all in the same domain, you can use a wildcard certificate to help, but I've never tried) I have 2 IP's assigned to my production server, I am only using > one at the moment. Would this make things simpler with the install of a > secure apache for just that one IP? You can get the same effect by binding the virtual host to a particular IP -- instead of *:443 in the config you can use 1.2.3.4:443. I'd personally just use one Apache instance to make things easy unless there's other reasons to separate the instances other than SSL The only practical problem you should get from installing the certificate on the server is that some users of the "other" site will potentially get the cert-mismatch if they go to the site using https:// for some reason. Here's what I mean, assuming you've got a SSL cert for www.securesite.com http://www.securesite.com => no prob https://www.securesite.com => no prob http://www.insecuresite.com => no prob https://www.insecuresite.com => popup that the certificate names mismatch This is assuming you've got an apache instance listening like Listen 80 Listen 443 And virtual hosts that are something like <VirtualHost *:*> Servername www.securesite.com </VirtualHost> <VirtualHost *:*> Servername www.insecuresite.com </VirtualHost> You can just stop listening on the insecure site with <VirtualHost *:80> Servername www.insecuresite.com </VirtualHost> which gives folks a "site is unavailable" type message. > > ----- Original Message ----- > From: "Damien McKenna" <[EMAIL PROTECTED]> > To: "CF-Talk" <cf-talk@houseoffusion.com> > Sent: Wednesday, May 16, 2007 1:22 PM > Subject: RE: Apache with Vhosts, SSL, and CF > > > >> -----Original Message----- > >> From: Hatem Jaber [mailto:[EMAIL PROTECTED] > >> Sent: Wednesday, May 16, 2007 1:13 PM > >> Subject: Re: Apache with Vhosts, SSL, and CF > >> > >> http://hunter.campbus.com/ > >> That was very popular site with binaries ready to go, i used the > >> Apache_2.0.59-Openssl_0.9.8d-Win32.zip > > > > I got the ones from apachelounge.com as they're more current. > > > >> I am testing on XP Pro, will be implementing on the live > >> server which is Windows 2003 Server. > > > > I'll be (one of these mornings I remember to do it) migrating from IIS 6 > > to Apache 2.2 on a production server. I'm so excited X-) > > > >> I can't believe that there are no clear docs on this subject anywhere > >> whether a CF based site or any site for that matter. There > >> are bits and pieces everywhere and I guess I just can't put it > > together. > > > > I really should blog my experiences. It has been pretty straight > > forward, that said I spent several hours getting it going both at home > > (single host, SSL, specific application) and then probably a day or more > > getting everything going at work. > > > >> Do you mind sharing your configuration? > > > > I'll see what I can come up with. > > > > > > Damien McKenna > > Web Developer > > The LIMU Company > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278309 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
