Re: DNS aliases & modssl
OK. I think I get it. Looks like the simple solution would be to get a CA cert for the short domain and provide links to the SSL portion to make sure it is accessed via the proper URL and limit access in the SSL section of the site to only accept from that referring page.

Thanks.

- Dale Weaver [EMAIL PROTECTED]

On Thu, 28 Feb 2002, Luciano Miguel Ferreira Rocha wrote:

> On Thu, Feb 28, 2002 at 10:23:56AM -0500, Dale Weaver wrote:
> > pretty long but I have another domain that is short. How does modssl
> > determine which DN it is running
> > under when it compares it to the cert? Is it DNS, httpd.conf, URL
> > accessed, hostname, etc.?
>
> AFAIK modssl does *not* compare the cert with the DN. Only the browser does
> that.
>
> And if both DN point to the same IP address, how can modssl, or any server,
> know what DN the client used?
>
> modssl returns the cert as specified in httpd.conf, under a VirtualHost
> section. And that respective VirtualHost can only be calculated by the
> destination IP address (the one the client is connecting to).
>
> So, you'll either need to use different IP addresses for each DN, or,
> in your non-ssl site and https urls, point to just one address.
>
> Regards,
> Luciano Rocha
>
> --
> Luciano Rocha, [EMAIL PROTECTED]
>
> The trouble with computers is that they do what you tell them, not what
> you want.
> -- D. Cohen
> __
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
Re: DNS aliases & modssl
On Thu, Feb 28, 2002 at 10:23:56AM -0500, Dale Weaver wrote:

> pretty long but I have another domain that is short. How does modssl
> determine which DN it is running
> under when it compares it to the cert? Is it DNS, httpd.conf, URL
> accessed, hostname, etc.?

AFAIK modssl does *not* compare the cert with the DN. Only the browser does that.

And if both DN point to the same IP address, how can modssl, or any server, know what DN the client used?

modssl returns the cert as specified in httpd.conf, under a VirtualHost section. And that respective VirtualHost can only be calculated by the destination IP address (the one the client is connecting to).

So, you'll either need to use different IP addresses for each DN, or, in your non-ssl site and https urls, point to just one address.

Regards,
Luciano Rocha

--
Luciano Rocha, [EMAIL PROTECTED]

The trouble with computers is that they do what you tell them, not what you want.
-- D. Cohen
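The two options from the reply above, sketched as httpd.conf fragments for Apache 1.3 with mod_ssl. This is an added example, not configuration posted in the thread; the 192.0.2.x addresses and the /path/to/... certificate and key paths are placeholders.

```apache
# Added example. Addresses and file paths are placeholders (assumptions).
Listen 80
Listen 443

# Option A: one IP address per name. The destination address selects the
# VirtualHost, so each name is served the certificate issued for it.
<VirtualHost 192.0.2.10:443>
    ServerName www.short.dom
    SSLEngine on
    SSLCertificateFile    /path/to/ssl.crt/short.crt
    SSLCertificateKeyFile /path/to/ssl.key/short.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName www.very.very.long.domain
    SSLEngine on
    SSLCertificateFile    /path/to/ssl.crt/long.crt
    SSLCertificateKeyFile /path/to/ssl.key/long.key
</VirtualHost>

# Option B (instead of A): a single address and a single certificate.
# Keep only the www.short.dom :443 block above and make every https link
# use that name. A request for https://www.very.very.long.domain/ on the
# same address is still handed short.crt, and the browser reports the
# name mismatch, because the comparison happens on the client.
NameVirtualHost 192.0.2.10:80

<VirtualHost 192.0.2.10:80>
    ServerName www.short.dom
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    # Plain-HTTP visitors using the long name are sent to the short one,
    # so the https links they follow carry the name in the certificate.
    ServerName www.very.very.long.domain
    Redirect permanent / http://www.short.dom/
</VirtualHost>
```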
DNS aliases & modssl
I have got modssl 2.8.26 compiled in Apache 1.3.23. It works fine on my workstation where I built it to test, however I have not put it on my production webserver.

My web server has a fully qualified DN that is pretty long but I have another domain that is short. How does modssl determine which DN it is running under when it compares it to the cert? Is it DNS, httpd.conf, URL accessed, hostname, etc.?

If someone accesses my site under the www.very.very.long.domain via https and my cert is built for www.short.dom and the server name in httpd.conf is www.very.very.long.domain, will it still work? They are both the same in DNS. Dual entries for the address and not just an alias.

Just a little confused about how modssl handles multiple domain names for the same server given that the certs are domain specific. Any clarification is appreciated.

Dale