
Re: Multiple SSL Virtualhosts on Apache 1.3



I just choose one good generic domain, i.e. secure.mydomain.com, get that
signed, and put anything that's passing sensitive info (sign-ups, forms,
logins, etc.) to that location.  I've found it much better to send users
to another domain that has a signed cert than to keep them in the
domain with an unsigned cert.  It saves money too.

On Tue, 2002-11-05 at 04:00, DEFFONTAINES Vincent wrote:
> Greetings,
> 
> I managed to create several Virtualhosts on an apache-ssl (1.3) server (same
> IP, same port, several names).
>  
> The "trick" is to use the same Certificate for every Virtualhost, which will
> of course generate a warning on browsers, due to certificate not matching
> most of the sites names. But it does work.
> 
> For clarity below is an extract of httpd.conf
> 
> I am wondering whether anyone else uses that in a production environment,
> and whether this working is due to a side-effect on the way apache works. I
> didn't find it on any doc nor any howto.
> 
> The non-matching {site name/certificate} is indeed a drawback, but maybe can
> be turned around? If I have an official certificate for ssl.foo.com, and I
> use it for foo{n}.ssl.foo.com, maybe it could be "secure enough" for some
> applications? (just like I noticed the HTTPS certificate for
> "mail.yahoo.com" is actually signed for "login.yahoo.com")
> 
> Since I read at several places on the Web that it was not possible
> to build several HTTPS VirtualHosts on the same IP/Port, I'd like to add
> this to the discussion.
> 
> Your comments will be appreciated.
> 
> Vincent
> 
> 
> *************************
> httpd.conf sample :
> 
> <VirtualHost 1.2.3.4:443>
>    ServerName ssl1.bar.com
>    SSLEngine On
>    SSLCertificateFile /etc/apache/certificate/server.crt
>    SSLCertificateKeyFile /etc/apache/certificate/server.key
>    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>    CustomLog /var/log/apache/ssl1_request_log common
>    ErrorLog /var/log/apache/ssl1-error.log
>    DocumentRoot /var/www/ssl1/
> </Virtualhost>
> 
> <VirtualHost 1.2.3.4:443>
>    ServerName ssl2.bar.com
>    SSLEngine On
>    SSLCertificateFile /etc/apache/certificate/server.crt
>    SSLCertificateKeyFile /etc/apache/certificate/server.key
>    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>    CustomLog /var/log/apache/ssl2_request_log common
>    ErrorLog /var/log/apache/ssl2-error.log
>    DocumentRoot /var/www/ssl2/
> </Virtualhost>
> *************************
> 
> 
> 
>  .''`.                            | Vincent Deffontaines
> : :'  :   Debian GNU/Linux        | Network Administrator
> `. `~'    http://www.debian.org   | Council of Europe
>   `-	    
> 
> 
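
The name mismatch discussed in this thread can be checked before deployment. The following is an added example, not code from either poster: it parses a config shaped like the quoted extract and lists the ServerNames that the shared certificate does not cover. The certificate's names are supplied by the caller (the value used here is an assumption), and the wildcard handling goes beyond what the thread discusses.

```python
import re

# Constructed sample modelled on the httpd.conf extract quoted above.
SAMPLE_CONF = """
<VirtualHost 1.2.3.4:443>
   ServerName ssl1.bar.com
   SSLEngine On
   SSLCertificateFile /etc/apache/certificate/server.crt
</VirtualHost>
<VirtualHost 1.2.3.4:443>
   ServerName ssl2.bar.com
   SSLEngine On
   SSLCertificateFile /etc/apache/certificate/server.crt
</Virtualhost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.I | re.M)
    return m.group(1) if m else None

def parse_ssl_vhosts(conf):
    """Yield (address, server_name, cert_file) for every vhost with SSLEngine On."""
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            yield (addr.strip(), directive(body, "ServerName"),
                   directive(body, "SSLCertificateFile"))

def name_matches(cert_name, host):
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    c, h = cert_name.lower().split("."), host.lower().split(".")
    if len(c) != len(h):
        return False
    wildcard = c[0] == "*" and len(c) > 2
    return (wildcard or c[0] == h[0]) and c[1:] == h[1:]

def audit(conf, cert_names):
    """cert_names maps a certificate file to the names it was issued for."""
    findings = []
    for addr, host, cert in parse_ssl_vhosts(conf):
        names = cert_names.get(cert, [])
        if not host or not any(name_matches(n, host) for n in names):
            findings.append((addr, host, cert))
    return findings

if __name__ == "__main__":
    # Assumption: the shared certificate was issued for ssl1.bar.com only.
    certs = {"/etc/apache/certificate/server.crt": ["ssl1.bar.com"]}
    for addr, host, cert in audit(SAMPLE_CONF, certs):
        print("MISMATCH %s: %s is not covered by %s" % (addr, host, cert))
```
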



