Re: [ilugd] Running multiple SSL Virtual Hosts in Apache in single IP

Thu, 22 Sep 2005 22:00:30 -0700 

----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Sandip Bhattacharya
Sent: Friday, September 23, 2005 10:02 AM
To: The Linux-Delhi mailing list
Subject: Re: [ilugd] Running multiple SSL Virtual Hosts in Apache in
single IP

On Friday, 23 Sep 2005 09:47, Raj Shekhar wrote:

> A frequently asked question is "How can I run multiple ssl sites on a
> single IP".  The answer is "no, you cannot".  However, you can.  You
> will get the warning message that the SSL certificate does not match
the
> web site you wanted to view.  See here for details
> http://www.onlamp.com/lpt/a/5629
>
> This can be useful if you are running phpmyadmin/squirrelmail/wiki/cms
> for your organization on the internet and you want to prevent contents
> from being sniffed and you have a single IP. Since this is for your
> internal use, it is OK to have the browser pop up the warning box.


>... and since you are ok with the warning box anyway, you can use a
self 
>signed SSL certificate. You can still create your own organization CA
and 
>make everybody import its cert to eliminate "unrecognized CA" errors.

>Save more money. ;)

The SSL provides two layer of Security 
1. SSL Layer for encryption  

        A warning Message for wrong certificate *generally* indicates 
        a. The Server you are connecting has wrong certificate
installed.
        OR
        b. A man in middle  Attack is in progress.

Hence, the purpose of saving your self from getting sniffed will void.
2. Authentication Layer.
- It won't work without verification at some level.

Regarding Local CA, I am in favor of it. As long as you install the CA
certificate in Your browser from authenticate means.

- Sumit

>>>>- Sandip

-- 
Sandip Bhattacharya  *    Puroga Technologies   *     [EMAIL PROTECTED]
Work: http://www.puroga.com  *   Home/Blog: http://www.sandipb.net/blog

PGP/GPG Signature: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Event: Freedel 2005, 17th & 18th September, 2005 - http://freedel.in


_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Event: Freedel 2005, 17th & 18th September, 2005 - http://freedel.in

Reply via email to