Re: Multiple SSL Virtualhosts on Apache 1.3

On Tue, Nov 05, 2002 at 11:00:46AM +0100, DEFFONTAINES Vincent wrote:

> I managed to create several Virtualhosts on an apache-ssl (1.3) server (same
> IP, same port, several names).

> The "trick" is to use the same Certificate for every Virtualhost, which will
> of course generate a warning on browsers,

> The non-matching {site name/certificate} is indeed a drawback, but
> maybe can be turned around?

You can use "wildcard certificates", with a CN of (e.g.)
"*.coe.int". I see two major drawbacks:

 - I'm not sure most CAs will sign wildcard certificates. It's better
   for them if you buy a dozen certificates than ONE wildcard.

   Not an issue if you run your own CA.

 - When I tried this, the infamous Microsoft Internet Explorer totally
   barfed on wildcard certificates.

If web administrators are separate from (whatever else) administrators
at your site, then the web administrators will be able to masquerade
(at the SSL level) for any machine in the domain: Print servers, ftp
server, ...
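
Added example, not part of the original message: a Python sketch of the left-most-label wildcard matching rule (as in RFC 6125), used to list which hosts in an inventory a "*.coe.int" certificate would be accepted for beyond the intended web vhosts. The host names, the inventory and the `exposure` helper are constructed for illustration.

```python
# Added illustration; all host names below are constructed samples.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.coe.int' covers 'ftp.coe.int' but neither
    'coe.int' nor 'a.b.coe.int'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False              # wildcard allowed in the left-most label only
    if rest != h_labels[1:]:
        return False
    if first == "*":
        return True
    if "*" in first:
        return False              # partial wildcards refused (stricter than some clients)
    return first == h_labels[0]


def exposure(cert_names, inventory, intended):
    """Hosts that the certificate would validate for although the key
    was only meant to serve the 'intended' hosts."""
    covered = {h for h in inventory
               if any(wildcard_matches(n, h) for n in cert_names)}
    return sorted(covered - set(intended))


# Constructed inventory of names in the domain.
INVENTORY = [
    "www.coe.int", "shop.coe.int",       # web vhosts sharing the key
    "print.coe.int", "ftp.coe.int",      # run by other administrators
    "mail.intranet.coe.int", "coe.int",  # not covered by a one-label wildcard
]
WEB_VHOSTS = ["www.coe.int", "shop.coe.int"]

if __name__ == "__main__":
    for host in exposure(["*.coe.int"], INVENTORY, WEB_VHOSTS):
        print("also valid for:", host)
```

Listing every vhost explicitly in the certificate instead of using the wildcard makes `exposure` return an empty list for the same inventory.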


