[FX.php List] [OFF] Strange SSL cert occurrences...

Head Honcho headhoncho at customikesolutions.com
Mon Jan 12 20:40:55 MST 2009


Hi Bob,

The short answer, is that you can only have one SSL certificate per  
port per IP address.  If you want to have more than one certificate on  
an IP address, you can send it through a different port, and it will  
work just fine.

On 13/01/2009, at 6:09 AM, Leo R. Lundgren wrote:

> Yeah, either set the vhost to its own IP or its own port.
>
> 12 jan 2009 kl. 20.07 skrev Bob Patin:
>
>> That's much more than I know about web serving... :)
>>
>> When I put a static IP on one of the domains, it cleared it all up;  
>> I guess that's what I'll have to do whenever I put more than one  
>> SSL cert on the same web server.
>>
>> On Jan 12, 2009, at 11:53 AM, Leo R. Lundgren wrote:
>>
>>> I think that the first encountered certificate is used, due to the  
>>> simple reason that in order to use a specific certificate based on  
>>> what virtual host is requested, the server needs to look at the  
>>> Host: HTTP header of the transmission, and since encrypting the  
>>> whole transmission (including the HTTP headers) is what the  
>>> certificate is meant to do, it's just an endless loop that doesn't  
>>> work (for name-based virtual hosts, port-based ones should be  
>>> different but that's not very useful for you unless you proxy the  
>>> traffic). That's why the first cert is used.
>>>
>>> To accomodate the need we're moving towards TLS with HTTP, so that  
>>> a HTTP connection can be set up and then "upgraded" to an  
>>> encrypted channel post-initial-headers and pre-sending-data-that- 
>>> needs-to-be-secure. However I dunno how far that work has gotten  
>>> (I think it's good in "open" browsers, but IE and what not lags  
>>> behind as usual).
>
> -|
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>

Regards

Michael Ward
--
Head Honcho
CustoMike Solutions
Member, FileMaker Business Alliance
Member, FileMaker Technical Network
FileMaker 7 Certified Developer
FileMaker 8 Certified Developer
FileMaker 9 Certified Developer
10 Wandoo Crt
Wheelers Hill, 3150
ph 0414 562 501
headhoncho at customikesolutions.com





More information about the FX.php_List mailing list