SSL and Name-based SSL Virtual Hosts


A common question from mod_ssl users is whether it is possible to have several SSL-enabled name-based virtual hosts. The short answer is no. Name-based virtual hosting relies on the Host: header that the client sends in the HTTP request, because all name-based virtual hosts share the same IP address. The SSL connection, however, is established at the TCP level, before the HTTP request can be sent. At connection time the server therefore cannot determine which virtual host the client wants and, hence, which certificate and key to use.

There is a specification, RFC 2817, that allows an existing HTTP connection to be upgraded to HTTPS. That would get around this issue, but at the time of this writing it is not implemented by any mainstream browser. Apache 2.2's mod_ssl module implements support for RFC 2817, as does mod_nw_ssl, the NetWare Apache SSL module.
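The ordering problem described above, shown as an added Apache 2.2 configuration example that is not from the book. Host names, addresses and file paths are placeholders, and the IP-based layout in the second half is the conventional alternative, which goes beyond what the page itself describes.

```apache
# Added example. Host names, addresses (RFC 5737 documentation range) and
# file paths are placeholders, not values from the book.

# BEFORE (left commented out): two name-based SSL hosts on one address.
# The certificate is selected during the handshake, before the Host: header
# can be read, so mod_ssl presents the first host's certificate for both
# names and clients asking for shop.example.com see a name mismatch.
#
# NameVirtualHost 192.0.2.10:443
# <VirtualHost 192.0.2.10:443>
#     ServerName www.example.com
#     SSLEngine on
#     SSLCertificateFile    /etc/apache2/ssl/www.example.com.crt
#     SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
# </VirtualHost>
# <VirtualHost 192.0.2.10:443>
#     ServerName shop.example.com
#     SSLEngine on
#     SSLCertificateFile    /etc/apache2/ssl/shop.example.com.crt
#     SSLCertificateKeyFile /etc/apache2/ssl/shop.example.com.key
# </VirtualHost>

# AFTER: IP-based SSL hosts. The destination address of the TCP connection
# is known before the handshake, so it can select the certificate.
Listen 192.0.2.20:443
Listen 192.0.2.21:443

<VirtualHost 192.0.2.20:443>
    ServerName www.example.com
    DocumentRoot /var/www/www
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
</VirtualHost>

<VirtualHost 192.0.2.21:443>
    ServerName shop.example.com
    DocumentRoot /var/www/shop
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/shop.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/shop.example.com.key
</VirtualHost>
```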




Apache Phrasebook: Essential Code and Commands
ISBN: 0672328364
EAN: 2147483647
Year: 2006
Pages: 254
