----- "Martin Kuba" <ma...@ics.muni.cz> wrote: > Dne 28.1.2011 02:51, bf...@free-man.net napsal(a): > > The certificate is not trusted because it is self-signed. > > The certificate is only valid for free-man.net > > > > what am I doing wrong? > > You can not use name-based virtual hosts for SSL if your Apache is > older than 2.2.12 > or your OpenSSL does not support SNI or the client is MSIE on Windows > XP. > > In other words, you need a separate IP address for each SSL > certificate, > because the SSL connection is established before the HTTP connection > takes place > and the server does not know which certificate to choose. > > See > http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts > http://en.wikipedia.org/wiki/Server_Name_Indication
Also see: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI > Use IP-based virtual hosts instead. > > Cheers > > Martin > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Supercomputing Center Brno Martin Kuba > Institute of Computer Science email: ma...@ics.muni.cz > Masaryk University http://www.ics.muni.cz/~makub/ > Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775 > -------------------------------------------------------------- i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
