On 3/6/06, Daniel Rogers <[EMAIL PROTECTED]> wrote:
> My SSL virtual hosts are, effectively, Name based, not port based (there
> are only two ports involved 443, and 444 for unlimited virtual hosts).
> All ssl virtual hosts are on port 444, and their name is used to
> distinguish them.

So you're unable to set things like client authentication, CRL checking, or restrictive ciphers at a per-vhost level?

It's unclear to me whether the specific vhosts are HTTP or HTTPS, but either way it's not the browser talking to them, right? Don't you get this same "solution" with 1 RewriteRule (proxied, not redirected) and a certificate crafted the way you describe?

> I'll answer these two points together. subjectAltName doesn't have to
> allow an "all purpose" certificate. It can be on a single host, or an
> enumerated set of hosts.

How do you add a new host? How do you revoke a certificate or know where to do CRL checking for an organization if it's all common?

--
Eric Covener
[EMAIL PROTECTED]