Re: [users@httpd] Idea for SSL with name-based Vhosts using two servers, mod_rewrite, and mod_proxy

Thu, 08 Jan 2009 07:03:23 -0800 

Bruno - e-comBR wrote:

2009/1/8 Brian Mearns <mearn...@gmail.com>


On Thu, Jan 8, 2009 at 9:23 AM, Eric Covener <cove...@gmail.com> wrote:

On Thu, Jan 8, 2009 at 8:45 AM, Brian Mearns <mearn...@gmail.com> wrote:

Is that possible if I want to serve both secure and unsecure (80 and
443)? If I just setup my root configuration (i.e., not in a vhost) to
listen on port 80 and 443 and turn on the SSL engine, then all the
content will be encrypted, won't it?

No, you can turn on SSL in a single virtualhost (<virtualhost *:443>)
and serve non-SSL from either the "base" server or another virtual
host (<virtualhost *:80>)


It's nice. I've been setup today two HTTPS connections with the same
certificates, using two hosts. But I don't care so much because we use it
just for encryption.

But I just ask: how apache "knows" what's the right private key without the
performance cost of loading/trying each key?? Remembering that before
decrypting it apache don't know what's the right vhost



As I thought. So it looks like I'm falling back to my original
solution of using two servers and proxy rewrites...

Thanks,
Brian

--

Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
In a scenario where you have two vhosts on *:443, apache will serve the certificate from the first vhost for both sites, therefore generating a SSL certificate mismatch if a client were to request content from the second vhost, and so on. 

Frank.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to