On Tue, Jul 17, 2001 at 06:52:42PM +1000, Jeff wrote:
> Jan,
>
> What is the host name (common name) in the certificates ???
> I suspect you have used *.mydomain.dom - correct ???
>
> If so, then it is quite simple
> 1/. browser looks up DNS and gets IP,
> 2/. browser connects to IP port 443,
> 3/. apache provides FIRST certificate (which has CN=*.mydomain.dom - which
> matches BOTH host1 & host2)
> 4/. browser and apache secure the connection
> 5/. browser send HTTP request over the secured channel
Note: this is also the time where the Host header is sent, and as such
the first time Apache knows which vhost it is supposed to use.
> 6/. apache uses the HTTP request to send to appropriate v-host..
> 7/. all APPEARS to work fine..
>
Old msie's (< 4) and a few builds in the 4.x and 5.x series does not
allow wildcards in certificates (see the archive for this list and
openssl-users for details).
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
