[FX.php List] [OFF] Strange SSL cert occurrences...
Leo R. Lundgren
leo at finalresort.org
Mon Jan 12 12:09:55 MST 2009
Yeah, either set the vhost to its own IP or its own port.
On 12 Jan 2009, at 20:07, Bob Patin wrote:
> That's much more than I know about web serving... :)
>
> When I put a static IP on one of the domains, it cleared it all up;
> I guess that's what I'll have to do whenever I put more than one
> SSL cert on the same web server.
>
> On Jan 12, 2009, at 11:53 AM, Leo R. Lundgren wrote:
>
>> I think that the first encountered certificate is used, due to the
>> simple reason that in order to use a specific certificate based on
>> what virtual host is requested, the server needs to look at the
>> Host: HTTP header of the transmission, and since encrypting the
>> whole transmission (including the HTTP headers) is what the
>> certificate is meant to do, it's just an endless loop that doesn't
>> work (for name-based virtual hosts, port-based ones should be
>> different but that's not very useful for you unless you proxy the
>> traffic). That's why the first cert is used.
>>
>> To accommodate the need we're moving towards TLS with HTTP, so that
>> an HTTP connection can be set up and then "upgraded" to an
>> encrypted channel post-initial-headers and pre-sending-data-that-
>> needs-to-be-secure. However I dunno how far that work has gotten
>> (I think it's good in "open" browsers, but IE and what not lags
>> behind as usual).
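
Added example, not part of the thread: a Python check for the condition discussed above, where more than one SSL virtual host shares a single IP:port and the server has to choose a certificate before it can read the Host: header. It assumes Apache httpd `<VirtualHost>` syntax, which the thread does not name; the sample configuration, hostnames, addresses and paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample configuration (Apache httpd syntax is an assumption;
# hostnames, addresses and paths are invented for illustration).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/shop.example.com.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/mail.example.com.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName intranet.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/intranet.example.com.crt
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName shop.example.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost block, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def find_shared_ssl_sockets(conf):
    """Map each IP:port carrying more than one SSL vhost to its
    (ServerName, certificate) pairs, in the order they appear in the file."""
    by_socket = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue  # plain HTTP vhosts are not affected by certificate choice
        by_socket[addr].append((directive(body, "ServerName"),
                                directive(body, "SSLCertificateFile")))
    return {a: v for a, v in by_socket.items() if len(v) > 1}

if __name__ == "__main__":
    for addr, vhosts in find_shared_ssl_sockets(SAMPLE_CONF).items():
        first_name, first_cert = vhosts[0]
        for name, cert in vhosts[1:]:
            print(f"{addr}: {name} ({cert}) shares the socket with {first_name} ({first_cert})")
```

Each address it reports is a candidate for the fix the thread settles on: give that virtual host its own IP or its own port.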