On Wed, 24 Mar 2004, Haim Ashkenazi wrote:

> Haim Ashkenazi wrote:
>
> > Hi
> >
> > I'm running a web (ssl) server with several virtual domains. At the moment
> > they are name based (non-ip), which of course produces a warning in the
> > user's browser when he tries to connect to a host that is not the default
> > one (key). I've looked in the documentation and found that ssl doesn't
> > support name based virtual domains. I was wondering if there is a way
> > around that (like using rewrite rules). Say I want to offer web hosting,
> > do I need to have a different IP for every https domain I'm hosting? This
> > could result in having to buy a few hundred IP's...
> >
> well, I guess I'll have to use all my IP's...

Well, actually there is a solution: use wild cards in the name of the keys.
You can make the certificate for *.mycompany.com for several web sites within
mycompany.com, or you can go so far as to use * for any host name. Most
modern browsers will accept such a certificate; some will complain and still
accept it.

As far as security is concerned, the encryption is just as secure as with any
other certificate. The only problem might arise if someone steals the private
key and sets up another web site. They can then pretend you signed the
certificate for their site and use it in a phishing attack. However, the
barrier for phishing attacks is low because of social engineering and not
because of fake certificates. And then you can guard your private key in the
first place.

Hope this helps.

-- Elmar

--
Dr. Elmar S. Heeb, HPV F58          email:  [EMAIL PROTECTED]
Departement Physik, ETH Zurich      voice:  +41 1 633 2591
CH-8093 Zurich                      fax:    +41 1 633 1239
Switzerland                         mobile: +41 79 628 7524
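
The following is an added example, not part of the original message: a small Python check of which virtual host names a certificate issued for `*.mycompany.com` would cover, so hosts that would still trigger a browser warning can be found before deployment. It assumes clients apply the single-label wildcard rule of RFC 6125; the function names and the sample host list are constructed for illustration.

```python
# Added example: audit name-based virtual hosts against wildcard certificate names.
# Assumption: clients follow the RFC 6125 rule that "*" stands for exactly one
# leftmost label. All names below are constructed sample data.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:
        return False  # empty label: malformed name
    if "*" not in pattern:
        return p_labels == h_labels  # plain name: exact, case-insensitive match
    # This example only accepts "*" as the entire leftmost label, followed by
    # at least two fixed labels, so a bare "*" or "*.com" covers nothing.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # One label only: same depth as the pattern and an identical parent domain.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def audit_vhosts(cert_names, vhosts):
    """Map each virtual host to the certificate name that covers it, or None."""
    return {
        host: next((n for n in cert_names if wildcard_matches(n, host)), None)
        for host in vhosts
    }


if __name__ == "__main__":
    cert_names = ["*.mycompany.com"]          # names on the shared certificate
    vhosts = [                                # constructed list of hosted sites
        "www.mycompany.com",
        "shop.mycompany.com",
        "mycompany.com",                      # bare domain: not covered
        "a.b.mycompany.com",                  # two labels deep: not covered
        "www.customer.example",               # another customer's domain
    ]
    for host, name in audit_vhosts(cert_names, vhosts).items():
        status = f"covered by {name}" if name else "NOT covered (browser warning)"
        print(f"{host:24} {status}")
```

Hosts reported as not covered need either an additional name on the certificate or their own certificate and address.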