[PLUG] DNS or Apache limits

AthlonRob AthlonRob at axpr.net
Sat Dec 18 16:48:49 UTC 2004


On Fri, 2004-12-17 at 23:25 -0800, Stafford A. Rau wrote:
> * AthlonRob <AthlonRob at axpr.net> [041217 20:34]:
> > See:  https://mail.axpr.net
> > and:  https://imp.axpr.net
> 
> Those sites return:
> 
> "Unable to verify the identity of localhost as a trusted site. Please
> notify the site's webmaster about this problem."
> 
> So you can do it, but only in a broken fashion.

Yes.  As I understand it, an HTTPS connection is encrypted from the
get-go, before any HTTP information is sent, so Apache can't know what
host you're looking for until after the SSL key is sent to the client,
which identifies the server.  The server identifies itself before the
client identifies what server it is looking for.

It *IS*, however, still SSL encrypted.  The certificate is no good, but
you otherwise enjoy all the other benefits of an SSL encrypted
connection.

> From http://httpd.apache.org/docs-2.0/vhosts/name-based.html:
> 
> "Name-based virtual hosting cannot be used with SSL secure servers
> because of the nature of the SSL protocol."

Which is not 100% accurate.  You can't use name-based virtual hosting
with SSL without each site sharing the same SSL key.  It works, but is
not ideal.

-- 
Rob                                |  If not safe,
   Jabber: athlonrob at axpr.net   |    one can never be free.
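
The situation discussed in this message, as an added example that is not part of the original post: the server presents one certificate for every name on the same IP and port, so each name-based virtual host verifies only if that single certificate names it. The hostnames and the "localhost" name come from the thread; the two other certificates and the function names are hypothetical, and the matcher is a simplified RFC 6125-style check.

```python
# Added example with constructed certificate data; nothing here was read
# from the servers mentioned in the thread.

def name_matches(cert_name: str, host: str) -> bool:
    """Simplified RFC 6125-style match: exact comparison, or a wildcard
    that stands for exactly one whole left-most label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False                      # "*.axpr.net" never covers a.b.axpr.net
    if cert_labels[0] == "*":
        if len(cert_labels) < 3:
            return False                  # refuse overly broad names such as "*.net"
        return host_labels[0] != "" and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def audit_vhosts(cert_names, vhosts):
    """Map each virtual host to True/False: does the one certificate the
    server sends (before it sees any Host header) name that host?"""
    return {h: any(name_matches(n, h) for n in cert_names) for h in vhosts}


VHOSTS = ["mail.axpr.net", "imp.axpr.net"]   # hostnames from the thread
CERT_LOCALHOST = ["localhost"]               # name shown in the quoted browser error
CERT_FIRST_VHOST = ["mail.axpr.net"]         # hypothetical: cert issued for one site only
CERT_SHARED = ["*.axpr.net"]                 # hypothetical: one cert shared by all sites

if __name__ == "__main__":
    for label, names in (("localhost cert", CERT_LOCALHOST),
                         ("first-vhost cert", CERT_FIRST_VHOST),
                         ("shared wildcard cert", CERT_SHARED)):
        print(label, audit_vhosts(names, VHOSTS))
```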




