[Techtalk] SSL and name-based virtual hosting
J Neefer!
neefer at speakeasy.org
Sat Sep 13 21:10:18 EST 2003
On Sep 12, 2003 at 04:35PM (-0400), Katie Bechtold said:
> I read the following in the documentation for Apache 2.0:
>
> "Name-based virtual hosting cannot be used with SSL secure servers
> because of the nature of the SSL protocol."
>
> I'm curious about that statement. Despite running an SSL-enabled
> web server, I know little about SSL. What is it about the SSL
> protocol that is incompatible with name-based virtual hosting?
I think they are trying to get across the point that SSL certs are
registered to a specific server hostname.
Therefore if you are using name-based virtual hosting on a server
with an SSL cert, all but one of the virtual hosts will not match
the name of the SSL cert. When you try to make an SSL connection to
a hostname that has a cert, the browser compares the hostname your
browser requested to the one in the cert, and returns an error on a
mismatch.
I would guess that you could work around this by buying an SSL cert
for each virtual domain -- but the above-quoted documentation may
be indicating that Apache doesn't have a way to specify in the config
file that one virtual host should use a different SSL key/cert than
another virtual host.
--Neef
More information about the Techtalk
mailing list