>>>>> "Raj" == Raj Shekhar <[EMAIL PROTECTED]> writes:

    Raj> in infinite wisdom Sumit Malhotra spoke thus On 09/23/2005
    Raj> 10:27 AM:

    >> The SSL provides two layers of security
    >> 1. SSL Layer for encryption
    >>
    >> A warning message for wrong certificate *generally* indicates
    >> a. The server you are connecting has wrong certificate
    >>    installed. OR
    >> b. A man in middle attack is in progress.
    >>
    >> Hence, the purpose of saving yourself from getting sniffed
    >> will void.

    Raj> Yes, I agree. However, if the data passing on the network is
    Raj> quite sensitive, then you are better off putting the vhosts
    Raj> on different IP and generating a SSL certificate for each.

    Raj> If, however, you want to have a quick hack to prevent the
    Raj> script kiddies from snooping your passwords (when using
    Raj> phpmyadmin or a cms running on http), then you can use the
    Raj> above method. It is not foolproof - please see the article I
    Raj> pointed out. The author notes that

    Raj> "When you run multiple SSL sites from a single certificate,
    Raj> you have the same level of encryption that you would have on
    Raj> any "correctly configured" SSL site. However, you completely
    Raj> forfeit any authentication ordinarily offered by SSL."

When do you need validation and verification? Usually when you're doing e-commerce on the SSL site and want the user to feel secure that s/he is connecting to the right place and giving his/her CC number.

Encryption, OTOH, is much more prevalent and ensures that your data is protected in transit. Useful if you're filling confidential information into web forms, etc., which many of us do on a daily basis.

The method suggested (allowing encryption without verification) is a good way to achieve the latter. If you're, e.g., accepting CC numbers you would have paid for an extra IP and a (useless IMO) global certificate anyway :)

BTW, I think you can get around the mismatch warning problem by running your SSL VHOSTS on separate ports. Can anyone confirm/deny this?

Regards,

-- Raju
--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Event: Freedel 2005, 17th & 18th September, 2005 - http://freedel.in
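
The name check behind the certificate warning discussed in this thread, as an added example that is not part of the original message: the client compares the host in the URL with the names in whatever certificate the listening port presents, and the port number itself is never compared. The `example.org` names, the port numbers and the simplified matcher are assumptions constructed for illustration, not a browser's actual code.

```python
from urllib.parse import urlsplit

def name_matches(pattern, host):
    """Simplified RFC 6125-style comparison: case-insensitive, wildcard
    allowed only as the whole leftmost label of a 3+ label name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def browser_check(url, cert_names):
    """'ok' or 'mismatch' for the URL's host against the names in the
    certificate presented. The port never enters the comparison."""
    host = urlsplit(url).hostname
    if host is None:
        return "mismatch"
    return "ok" if any(name_matches(n, host) for n in cert_names) else "mismatch"

def check_all(urls, certs_by_port):
    """The server picks its certificate per listening port, before it
    sees any Host header; the client then checks the URL's host."""
    results = {}
    for url in urls:
        port = urlsplit(url).port or 443
        results[url] = browser_check(url, certs_by_port[port])
    return results

# Constructed names: three vhosts behind one IP address.
URLS = ["https://www.example.org/",
        "https://mail.example.org:8443/",
        "https://pma.example.org:9443/"]
# Same certificate reused on every port.
SHARED = {443: ["www.example.org"], 8443: ["www.example.org"], 9443: ["www.example.org"]}
# One certificate per port, each naming the vhost on that port.
PER_PORT = {443: ["www.example.org"], 8443: ["mail.example.org"], 9443: ["pma.example.org"]}

if __name__ == "__main__":
    for label, certs in (("shared cert", SHARED), ("cert per port", PER_PORT)):
        for url, verdict in check_all(URLS, certs).items():
            print(f"{label:14} {verdict:9} {url}")
```

With the shared certificate only the `www` URL passes, on any port; with one certificate per port every URL passes, because each port then presents a certificate naming its own vhost.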