Hi Martin, Thanks for the info. Guess I have some reading to do!
My Best! Wolfgang Wolfgang Miska Executive Vice President GEIGER of Austria, Inc. 38 Pond Lane P.O. Box 728 Middlebury, VT 05753-0728 (802) 388-3156 (802) 388-9745 Fax www.geigerofaustria.com Martin Kuba <ma...@ics.muni.cz> 01/24/2011 04:13 AM Please respond to users@httpd.apache.org To users@httpd.apache.org cc Subject Re: [users@httpd] Name-based SSL virtual hosts Hi Wolfgang, there is a chicken-and-egg problem with name-based virtual hosts and SSL. The SSL connection is established *before* HTTP communication, so the SSL server does not know what Host: HTTP header will be sent in the moment it decides which SSL server certificate to send. So for SSL HTTP servers, each server needs its own IP address, virtual named-based hosts are not possible. There is a solution for this problem, it is a change in the SSL protocol which allows to send host name in the SSL handshake. However it is not supported by all web browsers. For details see http://en.wikipedia.org/wiki/Server_Name_Indication#The_fix In a nutshell, if you want to support MSIE on Windows XP, you cannot use it. I solve this by using one IP address for all SSL servers with the same DNS domain owner, and a SSL server certificate that has all the server names as subjectAltNames. That works for all browsers, but it is some hassle to create a new certificate for all names each time a new SSL server is added. Cheers Martin Dne 21.1.2011 22:18, wolfgang.mi...@geigerus.com napsal(a): > Hi, > > I am not too familiar with Apache, so the following message has stumped me. > > [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) > > Can somebody explain what that means and what are the consequences? > > Thanks so much! > > > Wolfgang -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Supercomputing Center Brno Martin Kuba Institute of Computer Science email: ma...@ics.muni.cz Masaryk University http://www.ics.muni.cz/~makub/ Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775 --------------------------------------------------------------
