[FX.php List] [OFF] Strange SSL cert occurrences...

Bob Patin bob at patin.com
Mon Jan 12 12:07:18 MST 2009


That's much more than I know about web serving... :)

When I put a static IP on one of the domains, it cleared it all up; I  
guess that's what I'll have to do whenever I put more than one SSL  
cert on the same web server.

Bob Patin
Longterm Solutions LLC
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
Twitter: bobpatin
iChat/AIM: bobpatin
FileMaker 9 Certified Developer
Member of FileMaker Business Alliance & TechNet
--------------------------
FileMaker hosting and consulting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting

On Jan 12, 2009, at 11:53 AM, Leo R. Lundgren wrote:

> I think that the first encountered certificate is used, due to the  
> simple reason that in order to use a specific certificate based on  
> what virtual host is requested, the server needs to look at the  
> Host: HTTP header of the transmission, and since encrypting the  
> whole transmission (including the HTTP headers) is what the  
> certificate is meant to do, it's just an endless loop that doesn't  
> work (for name-based virtual hosts, port-based ones should be  
> different but that's not very useful for you unless you proxy the  
> traffic). That's why the first cert is used.
>
> To accomodate the need we're moving towards TLS with HTTP, so that a  
> HTTP connection can be set up and then "upgraded" to an encrypted  
> channel post-initial-headers and pre-sending-data-that-needs-to-be- 
> secure. However I dunno how far that work has gotten (I think it's  
> good in "open" browsers, but IE and what not lags behind as usual).



More information about the FX.php_List mailing list