Re: cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs ssl-howto.xml

Mon, 27 Aug 2001 13:24:22 -0700 

There is one typo I just noticed: "ant != and". Spell-checker immune
typos are the worst :)

Anyway, don't sweat it. I'll fix it in a few minutes, when I add a quick
note (Gunter's suggestion) about JSEE in the classpath vs. installed
extensions.

I just wanted to offically notice the typo before anyoneelse did :)

- Christopher

[EMAIL PROTECTED] wrote:
> 
> craigmcc    01/08/27 13:39:55
> 
>   Modified:    webapps/tomcat-docs ssl-howto.xml
>   Log:
>   Update to the SSL HOW-TO w.r.t. server certificates on named virtual hosts
>   sharing a single IP address.
> 
>   Submitted by:  Christopher Cain <[EMAIL PROTECTED]>
> 
>   Revision  Changes    Path
>   1.4       +15 -0     jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml
> 
>   Index: ssl-howto.xml
>   ===================================================================
>   RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/ssl-howto.xml,v
>   retrieving revision 1.3
>   retrieving revision 1.4
>   diff -u -r1.3 -r1.4
>   --- ssl-howto.xml     2001/08/27 20:22:37     1.3
>   +++ ssl-howto.xml     2001/08/27 20:39:55     1.4
>   @@ -153,6 +153,21 @@
>    page request and take the appropriate action of <code>https</code> is not
>    specified.</p>
> 
>   +<p>Finally, using name-based virtual hosts on a secured connection can be
>   +problematic.  This is a design limitation of the SSL protocol itself.  The SSL
>   +handshake, where the client browser accepts the server certificate, must occur
>   +before the HTTP request is accessed.  As a result, the request information
>   +containing the virtual host name cannot be determined prior to authentication,
>   +ant it is therefore not possible to assign multiple certificates to a single
>   +IP address.  If all virtual hosts on a single IP address need to authenticate
>   +against the same certificate, the addition of multiple virtual hosts should not
>   +interfere with normal SSL operations on the server.  Be aware, however, that
>   +most client browsers will compare the server's domain name against the domain
>   +name listed in the certificate, if any (applicable primarily to official,
>   +CA-signed certificates).  If the domain names do not match, these browsers will
>   +display a warning to the client user.  In general, only address-based virtual
>   +hosts are commonly used with SSL in a production environment.</p>
>   +
>    </section>
> 
>    <section name="Configuration">
> 
> 
>

Reply via email to