On Tue, Nov 05, 2002 at 11:00:46AM +0100, DEFFONTAINES Vincent wrote: > I managed to create several Virtualhosts on a apache-ssl (1.3) server (same > IP, same port, several names).
> The "trick" is to use the same Certificate for every Virtualhost, which will > of course generate a warning on browsers, > The non-matching {site name/certificate} is indeed a drawback, but > maybe can be turned around? You can use "wildcard certificates", with a CN of (e.g.) "*.coe.int". I see two major drawbacks: - I'm not sure most CA will sign wildcard certificates. It's better for them if you buy a dozen certificates than ONE wildcard certificate. Not an issue if you run your own CA. - When I tried this, the infamous Microsoft Internet Explorer totally barfed on wildcard certificate. If web administrators are separate from (whatever else) administrators at your site, then the web administrators will be able to masquerade (at the SSL level) for any machine in the domain: Print servers, ftp server, ... -- Lionel
msg07623/pgp00000.pgp
Description: PGP signature