Re: do i need a dedicated ip address for https?

2010-12-23 Thread Randal L. Schwartz
>>>>> "Laszlo" == Laszlo Nagy <gand...@shopzeus.com> writes:

Laszlo> But there are possibilities. You can use different SSL certificates for the
Laszlo> same ip address and different port numbers:

Laszlo> https://your_domain_1:4430
Laszlo> https://your_domain_2:4431

That's a bad idea if you expect that any of your visitors are coming
from behind most corporate firewalls, because the proxy CONNECT
command is almost always limited to port 443 as a security feature.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: do i need a dedicated ip address for https?

2010-12-22 Thread c0re
2010/12/22 S Mathias <smathias1...@yahoo.com>:
> http://help.godaddy.com/article/1054
>
> # Set up SSL protection on your website.
>
> is it an inescapable requirement to have a dedicated [not fix] ip address,
> when i want to use ssl on my domain?
>
> thank you
>
> happy Christmas! :)





mod_gnutls can do 'Server Name Indication' and mod_ssl with apache_2.2
should do it too
https://issues.apache.org/bugzilla/show_bug.cgi?id=34607
http://svn.apache.org/viewvc?view=revision&revision=776281

But the hoster may not use mod_gnutls or a recent version of Apache, so
it may not support multiple SSL with a single IP.


Re: do i need a dedicated ip address for https?

2010-12-22 Thread Laszlo Nagy

On 2010-12-22 07:53, S Mathias wrote:

> http://help.godaddy.com/article/1054
>
> # Set up SSL protection on your website.
>
> is it an inescapable requirement to have a dedicated [not fix] ip address, when
> i want to use ssl on my domain?

Obviously, you cannot have a website without an IP address.
Another strict rule is that you can only use one SSL certificate per IP 
address + PORT. This is determined by the SSL protocol, and you cannot 
do anything to change it.


But there are possibilities. You can use different SSL certificates for 
the same IP address and different port numbers:


https://your_domain_1:4430
https://your_domain_2:4431

etc. (where your_domain_1 and your_domain_2 have the same IP, and you 
have different certificates for them).


You can also use many host names with the same IP address and port 
number, but they will have to share the same SSL certificate. It is not 
a problem, if they are subdomains, and you own a wildcard certificate. 
Example:


https://sub1.yourdomain.com
https://sub2.yourdomain.com
https://sub3.yourdomain.com

etc. (where you have a wildcard certificate for *.yourdomain.com)

And finally, it is possible to use different domains and the same port, 
without a wildcard certificate or subdomains, but then all connecting 
clients will complain about the problem (e.g. the certificate belongs to a 
domain that differs from the one you are connecting to). For any serious 
project, this is not recommended. You cannot expect customers to send 
you private information on a website that cannot identify itself...


Best,

   Laszlo



Re: do i need a dedicated ip address for https?

2010-12-22 Thread Pieter de Goeje
On Wednesday 22 December 2010 07:53:11 S Mathias wrote:
> is it an inescapable requirement to have a dedicated [not fix] ip address,
> when i want to use ssl on my domain?

It's only necessary if you want to use name based virtual hosts with a 
different SSL certificate for each virtual host. This is most likely the case 
on a shared hosting provider like godaddy.

The problem is that the clients set up the SSL connection before they send the 
HTTP request (which contains the name of the virtual host), so the server has 
no way of knowing which certificate it should present to the client.

> happy Christmas! :)
Happy Christmas indeed!

- Pieter


RE: do i need a dedicated ip address for https?

2010-12-22 Thread Michael J. Kearney
No, I've done that before I could get what's called a pointer record or 
reverse DNS for my mail server ... Register a domain and set up the DNS server. 
If the IP is dynamic you have to regularly update your DNS server. The forward 
zones will work. If you use openssl to generate your own SSL certificates ... 
(./configure --enable-so --enable-ssl) They won't be recognized by the 
certificate authority.

eg: https://mail.nvita.org

try it.

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot /usr/local/apache2/htdocs
ServerName mail.nvita.org:443
ServerAdmin mkear...@nvita.org
UseCanonicalName On
ProxyVia Off
ProxyPreserveHost On
ProxyPass /owa !
ProxyPass / http://192.168.0.3:99/owa/
ProxyPassReverse / http://mail.nvita.org:99/owa/
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

</VirtualHost>




___
From: owner-freebsd-questi...@freebsd.org [owner-freebsd-questi...@freebsd.org] 
On Behalf Of c0re [nr1c...@gmail.com]
Sent: Wednesday, December 22, 2010 7:37 AM
To: freebsd-questions@freebsd.org
Subject: Re: do i need a dedicated ip address for https?

2010/12/22 S Mathias <smathias1...@yahoo.com>:
> http://help.godaddy.com/article/1054
>
> # Set up SSL protection on your website.
>
> is it an inescapable requirement to have a dedicated [not fix] ip address,
> when i want to use ssl on my domain?
>
> thank you
>
> happy Christmas! :)





mod_gnutls can do 'Server Name Indication' and mod_ssl with apache_2.2
should do it too
https://issues.apache.org/bugzilla/show_bug.cgi?id=34607
http://svn.apache.org/viewvc?view=revision&revision=776281

But the hoster may not use mod_gnutls or a recent version of Apache, so
it may not support multiple SSL with a single IP.