Re: name based virtual host and apache-ssl

To: debian-security@lists.debian.org
Subject: Re: name based virtual host and apache-ssl
From: Ivan Brezina <ivan@cvut.cz>
Date: Wed, 24 Mar 2004 13:19:12 +0100
Message-id: <[🔎] 40617CC0.6030205@cvut.cz>
In-reply-to: <[🔎] c3rpeh$jgg$1@sea.gmane.org>
References: <[🔎] c3rpeh$jgg$1@sea.gmane.org>

Haim Ashkenazi wrote:

Hi

I'm running a web (ssl) server with several virtual domains. at the moment
they are name based (non-ip) which of course produce a warning in the
user's browser when he try to connect to a host that is not the default one
(key). I've looked in the documentation and found that ssl doesn't support
name based virtual domains. I was wondering if there is a way around that
(like using rewrite rules). say I want to offer web hosting, do I need to
have different IP for every https domain I'm hosting? this could result in
having to buy a few hundred IP's...


Best solution is to have IP for each virtual domain.

Tricky solution is to use X509v3 extension in certificate
called alternativeHostname. You can have many alternativeHostname
records in one certificate.
Usig this you can use one certificate for all domains.

But this is realy ugly solution. You have to regenarate certificate eachtime some of your domains changes. And of course some clients do notunderstand X509v3 extensions.



Ivan Brezina

Reply to:

References:
- name based virtual host and apache-ssl
  - From: Haim Ashkenazi <haim@babysnakes.org>

Prev by Date: Re: name based virtual host and apache-ssl
Next by Date: Re: name based virtual host and apache-ssl
Previous by thread: Re: name based virtual host and apache-ssl
Next by thread: Re: name based virtual host and apache-ssl - thanx
Index(es):
- Date
- Thread