On 03/08/2010 11:00, Simon Josefsson wrote:
>>>> I'm having a strange issue, though. If I try to visit a domain that has
>>>> no virtual host entry for the https connection, apache is displaying the
>>>> site with the ssl certificate of the first domain I specified on the ssl
>>>> virtualhost config file.
>>>>
>>>> Is there any way I can stop this behaviour? I thought about adding a
>>>> permanent redirect on every domain that does not have a ssl vhost, but
>>>> I'd rather see what other options I have before doing that.
>>>
>>> I don't know how to solve this, but how does mod_ssl handle this?
>>> Assuming mod_ssl supports SNI at all, that is, I know it didn't for a
>>> long time but maybe that has changed.
>>
>> I think SNI has been introduced for mod_ssl into newer packages, (i.e.
>> in the testing/unstable repos) but running a mixed debian system could
>> be troublesome in a production environment. I haven't tried mod_ssl
>> because of that. I don't know if this issue is caused by my mod_gnutls
>> config or if it's an error on my apache config. Am I supposed to
>> declare a corresponding https virtual host for every plain http one?
>
> I didn't say you should use mod_ssl instead. :-) Just curious how it
> solved the same problem. FWIW, I've seen your problem too, and never
> resolved it. It may be possible to do with configuration, but I'm not
> certain what the best recommended approach should be. It would be nice
> to be able to declare which virtual server should be the "catch-all" SSL
> server.
>
> However, can't you just make sure the first SSL virtualhost server is a
> "catch-all" server?

Thanks for the tip. I decided to try with a _default_:443 virtual host [1],
inserting the following entry as default:

<VirtualHost _default_:443>
    RewriteEngine On
    RewriteCond %{HTTPS} ON
    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

But it doesn't seem to do the job, I still get the wrong certificate (I
don't even get why the RewriteRule isn't working).

I guess I'll just create a script to create the right https vhosts paired
up with the http ones. If anyone has better options, I'm all ears.

[1] http://httpd.apache.org/docs/2.2/vhosts/examples.html#default

-- 
Davide Mirtillo
EV Network
Via Emilio Salgari 14/e
31056 Roncade (TV), Italy
Phone/Fax +390422798184
P.IVA 02443090267

_______________________________________________
Modules mailing list
Modules@lists.outoforder.cc
http://lists.outoforder.cc/mailman/listinfo/modules
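
The gap discussed in this thread (names that have a plain HTTP virtual host but no HTTPS one, and are therefore answered with the first SSL vhost's certificate) can be listed straight from the configuration before any vhosts are generated. This is an added example, not code from the thread or from mod_gnutls; the sample configuration, the hostnames and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration; hostnames are placeholders.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.example.org
    ServerAlias example.org
</VirtualHost>
<VirtualHost *:80>
    ServerName shop.example.net:80
    # ServerAlias old.example.net
</VirtualHost>
<VirtualHost *:443>
    ServerName WWW.example.org
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
NAMES = re.compile(r"Server(?:Name|Alias)\s+(.+)", re.I)


def vhost_names(conf):
    """Map each listening port to the ServerName/ServerAlias values on it."""
    by_port, ports = {}, []
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("#"):        # comment lines are not parsed
            continue
        if m := VHOST_OPEN.match(line):
            # Addresses look like *:80, _default_:443 or [::1]:443.
            ports = re.findall(r":(\d+)(?=\s|$)", m.group(1))
        elif line.lower().startswith("</virtualhost"):
            ports = []
        elif ports and (m := NAMES.match(line)):
            for name in m.group(1).split():
                host = re.sub(r":\d+$", "", name).lower()  # drop ":port"
                for port in ports:
                    by_port.setdefault(port, set()).add(host)
    return by_port


def names_without_https(conf, http="80", https="443"):
    """Names that have an HTTP vhost but no HTTPS vhost of the same name."""
    names = vhost_names(conf)
    return sorted(names.get(http, set()) - names.get(https, set()))


if __name__ == "__main__":
    for host in names_without_https(SAMPLE_CONF):
        print("no HTTPS vhost, served with the first SSL vhost's certificate:", host)
```

The comparison is on exact names, so wildcard ServerAlias entries are not expanded.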