Remi Cohen-Scali:

> My question is the following: Is this a future functionality planned or
> are there some good reasons (still obscure to me, but not for so long ...)
> to forbid name-based virtual hosts with SSL?

This must be an FAQ but here's the answer anyway.

There is a Chicken and Egg problem associated with name-based VHs which
goes like this. Before the HTTP Request is sent to the webserver, a
secure connection (SSL) is set up with the webserver. In order to set
one up you need to get the certificate for the server. In order to get
the correct certificate for the server you need to know what vhost
you're talking to. In order to determine the vhost you need the HTTP
Request. But the browser can't send the HTTP request until an SSL
connection is set up, otherwise there would be very little point in
setting up a secure connection anyway.

> Name based virtual host is the only means I have (at an acceptable price)
> to host several secured web sites (as I have only one IP addr).

One solution I've come up with is using port-based vhosts. But there is
a big disadvantage here: many companies are behind firewalls that only
allow SSL connections to the standard SSL Port (443). So if you have a
vhost listening on 444, some clients won't be able to connect to your
site. Btw, if you want to know how to link to a different port - that's
an FAQ too so go find it there :-)

Hans
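
The port-based workaround described in the reply, sketched as an Apache/mod_ssl configuration. This is an added example, not part of the original message; the IP address, host names and file paths are constructed placeholders.

```apache
# Constructed example: one IP address, two SSL sites separated by port.
# 192.0.2.10, the host names and the file paths are placeholders.
Listen 443
Listen 444

# The server picks the certificate from the IP:port the client connected to,
# because that is all it knows when the SSL handshake starts.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/www.example.com.crt
    SSLCertificateKeyFile /path/to/www.example.com.key
</VirtualHost>

# Second site: same IP, different port, its own certificate.
# Links must carry the port: https://shop.example.org:444/
<VirtualHost 192.0.2.10:444>
    ServerName shop.example.org
    SSLEngine on
    SSLCertificateFile    /path/to/shop.example.org.crt
    SSLCertificateKeyFile /path/to/shop.example.org.key
</VirtualHost>
```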

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
