Re: name based virtual host and apache-ssl - thanx
On Wed, 24 Mar 2004, Haim Ashkenazi wrote:
> Haim Ashkenazi wrote:
>
> > Hi
> >
> > I'm running a web (ssl) server with several virtual domains. At the moment
> > they are name based (non-ip), which of course produces a warning in the
> > user's browser when he tries to connect to a host that is not the default
> > one (key). I've looked in the documentation and found that ssl doesn't
> > support name based virtual domains. I was wondering if there is a way
> > around that (like using rewrite rules). Say I want to offer web hosting,
> > do I need to have a different IP for every https domain I'm hosting? This
> > could result in having to buy a few hundred IPs...
> >
> Well, I guess I'll have to use all my IPs...
Well, actually there is a solution: use wildcards in the name of the
keys. You can make the certificate for *.mycompany.com for several web
sites within mycompany.com, or you can go so far as to use * for any host
name. Most modern browsers will accept such a certificate, some will
complain and still accept it.

As far as security is concerned, the encryption is just as secure as with
any other certificate. The only problem might arise if someone steals the
private key and sets up another web site. They can then pretend you
signed the certificate for their site and use it in a phishing attack.
However, the barrier for phishing attacks is low because of social
engineering and not because of fake certificates. And then you can guard
your private key in the first place.

Hope this helps. -- Elmar
--
Dr. Elmar S. Heeb, HPV F58 email: heeb@phys.ethz.ch
Departement Physik, ETH Zurich voice: +41 1 633 2591
CH-8093 Zurich fax: +41 1 633 1239
Switzerland mobile: +41 79 628 7524
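
The wildcard naming discussed in the reply above, as an added example that is not part of the original message: a small checker for which virtual-host names a certificate name such as *.mycompany.com covers. It assumes the matching rules of RFC 6125 (wildcard only as the whole left-most label, standing for exactly one label) plus a conservative policy, chosen for this example, that at least two labels follow the wildcard; the function names and sample hosts are constructed.

```python
# Added example: which hostnames a wildcard certificate name covers.
# Assumption: RFC 6125-style matching ("*" only as the entire left-most
# label, standing for exactly one label) plus a conservative policy that
# at least two labels must follow the wildcard.

def _labels(name):
    # DNS names compare case-insensitively; ignore one trailing root dot.
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def cert_name_matches(pattern, hostname, min_fixed_labels=2):
    """Return True if a certificate name `pattern` covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False                      # empty label: malformed name
    if not any("*" in label for label in p):
        return p == h                     # no wildcard: exact match only
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False                      # wildcard must be the whole first label
    if len(p) - 1 < min_fixed_labels:
        return False                      # rejects "*" and "*.com"
    # "*" stands for exactly one label, so label counts must be equal.
    return len(h) == len(p) and h[1:] == p[1:]


def coverage(pattern, hostnames):
    """Map each hostname to whether `pattern` covers it."""
    return {h: cert_name_matches(pattern, h) for h in hostnames}


# Constructed sample virtual hosts, using the domain from the message.
SAMPLE_HOSTS = [
    "www.mycompany.com",
    "Shop.MyCompany.com",
    "mycompany.com",
    "a.b.mycompany.com",
    "www.mycompany.com.example.net",
]

if __name__ == "__main__":
    for pat in ("*.mycompany.com", "*"):
        for host, ok in coverage(pat, SAMPLE_HOSTS).items():
            print(f"{pat:18} {host:32} {'match' if ok else 'no match'}")
```

Under these rules the bare domain and deeper subdomains need their own names in the certificate.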