Robert & all, The simple answer is: "Only ONE SSL vhost on any IP/Port combination".. The SSL connection is established BEFORE the HTTP header is sent.. Refer http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 This is THE most common question on the mod_ssl users group.. If you want/need to operate more that one SSL vhost (eg: different domain or host names) then you MUST use a different IP address or Port number.. Rgds Jeff ----- Original Message ----- From: "Robert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 22, 2001 5:20 PM Subject: Thanks Peter. Re: How do webcerts work with virtual hosts? > Hi Peter, > Thanks. That's what I thought. > > > Webcerts are registered to DOMAINS not servers. You can either purchase > > certs for a specified web address (e.g. www.yourdomain.com) or for any > > machine in the whole domain (e.g. *.yourdomain.com). > > That's ok then. > > > > > Virtual hosts work quite well with certs but there is only one problem. > Due > > to the level which the SSL layer sits every https site must be served on a > > different IP address so the webserver knows which cert to send to the > client > > browser. > > looking at it, wouldn't this enable different vhosts to have individual > certs? Just change that "/usr/local/apache/etc/ssl.crt/server.crt" to what > ever it need to be to pi\oint to this vhosts cert. ??? > > <If Define SSL> > <VirtualHost xxx.xxx.xxx.xxx> > ....... > SSLEngine on > SSLCertificateFile /usr/local/apache/etc/ssl.crt/server.crt > SSLCertificateKeyFile /usr/local/apache/etc/ssl.key/server.key > </VirtualHost> > </IfDefine> > > I'll give it a go with the 'snakeoil' cert. > > > > I have all my domains being server through Apache on a single IP address > but > > same here. > > > then I only have one SSL enabled site. > > same here, but may be more in the future. > > > If I want to serve another then it > > will need to be setup on a different IP address. > > Not a major problem for me indivudually, I have 250 of them, but a pain none > the less when I could do it all under vhosts. I'll see. > > Thanks > Robert > > > > > > > -- > > Regards, > > +-----------------------+---------------------------------+ > > | Peter Kiem | E-Mail : <[EMAIL PROTECTED]> | > > | Zordah IT | Mobile : +61 0414 724 766 | > > | IT Consultancy & | WWW : www.zordah.net | > > | Internet Hosting | ICQ : "Zordah" 866661 | > > +-----------------------+---------------------------------+ > > > > > > > > >
