HOWTO: Apache Name-based SSL-enabled Virtual Hosting
I want to do virtual hosting of SSL-enabled virtual hosts on the same Apache server as my other non-SSL-enabled virtual hosts. I don't want to assign more than one IP address to the server and all of my virtual hosts will be within the same domain (e.g., example.com).
BACKGROUND
When Apache processes a request for a name-based virtual host it receives the request from the browser, which includes the Host header (e.g., Host: www.example.com). Apache uses the Host header to determine which name-based virtual host to route the request to. It works this way regardless of the connection type, HTTP or HTTPS.
The trouble with SSL-enabled virtual hosting is that HTTPS is simply HTTP traffic tunneled inside of an SSL-enabled TCP connection. This means that everything in the request--including the all-important Host header that Apache needs to correctly route the request to the appropriate virtual host--is not known by Apache until after the SSL handshake takes place. The problem lies in the fact that Apache needs to present the browser with the certificate that corresponds with the virtual host being requested and Apache can only know which certificate to present by determining which virtual host the request is destined for and referring to the configuration directives for the virtual host. It's a classic "Which came first, the chicken or the egg?" problem.
What happens when a browser makes an HTTPS request to a name-based virtual host is that Apache responds by presenting the certificate for the first SSL-enabled virtual host. Technically, Apache responds to the initial SSL request by applying the configuration for the default virtual host listening on port 443.
For instance, let's imagine that we have an Apache server set up to do name-based virtual hosting of two SSL-enabled virtual hosts on port 443. The first virtual host has the ServerName www.example.com and the second virtual host has the ServerName www2.example.com. If the virtual host for www.example.com appears first in the Apache configuration then it will be the default virtual host for port 443. As a result, any client that makes a request for https://www2.example.com will be presented with the certificate for www.example.com. Of course the Web browser will not like this and will present an error message to the user stating that the certificate presented does not correspond with the request. If the user were to click through the error message, the request would actually be routed to the correct virtual host, www2.example.com.
The real problem lies in this error that the user is presented with. We don't want to be training users to ignore SSL/TLS errors.
SOLUTION
As long as the virtual hosts you want to provide share the same root domain, the way to tackle this issue is to configure both virtual hosts with the same certificate: not just any certificate, but a wildcard certificate. Usually you would get two certificates, one for each virtual host. The common name for the first certificate would be www.example.com and the common name for the second would be www2.example.com. A wildcard certificate has a common name of the form *.example.com, which means it will match any hostname in the example.com domain, including www.example.com and www2.example.com. If you want to limit the scope of the wildcard certificate, you could get a certificate with the common name www*.example.com, which would limit it to hosts that begin with www in the example.com domain.
EXAMPLE CONFIGURATION
NOTE: Both virtual hosts refer to the same certificate and key files.
# ... other global configuration ...
Listen 443
# ... global SSL directives ...

# First virtual host on port 443: also the default for that port
<VirtualHost _default_:443>
    ServerName www.example.com:443
    # ... VirtualHost directives ...
    SSLEngine on
    SSLCertificateFile /path/to/*.example.com.crt
    SSLCertificateKeyFile /path/to/*.example.com.key
    # ... VirtualHost directives ...
</VirtualHost>

# Second virtual host: same wildcard certificate and key
<VirtualHost *:443>
    ServerName www2.example.com:443
    # ... VirtualHost directives ...
    SSLEngine on
    SSLCertificateFile /path/to/*.example.com.crt
    SSLCertificateKeyFile /path/to/*.example.com.key
    # ... VirtualHost directives ...
</VirtualHost>
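
A pre-deployment check for the setup above, as an added example that is not part of the original post: it reads the port-443 virtual hosts from a configuration, marks the first one as the default, and tests each ServerName against the wildcard name. The sample configuration, the shop.dev.example.com vhost, the wildcard.crt path and the function names are assumptions made for the illustration; the matcher follows the RFC 6125 rule that a wildcard covers only the left-most label.

```python
import re

# Constructed sample modelled on the page's configuration; the third vhost
# is a hypothetical addition that the wildcard does not cover.
SAMPLE_CONF = """
<VirtualHost _default_:443>
ServerName www.example.com:443
SSLCertificateFile /path/to/wildcard.crt
</VirtualHost>
<VirtualHost *:443>
ServerName www2.example.com:443
SSLCertificateFile /path/to/wildcard.crt
</VirtualHost>
<VirtualHost *:443>
ServerName shop.dev.example.com:443
SSLCertificateFile /path/to/wildcard.crt
</VirtualHost>
"""

def cert_name_matches(pattern, host, allow_partial=True):
    """Match a certificate name such as *.example.com against a hostname.
    The wildcard stands for (part of) the left-most label only."""
    p_label, _, p_rest = pattern.lower().partition(".")
    h_label, _, h_rest = host.lower().rstrip(".").partition(".")
    if p_rest != h_rest:          # everything after the first label must be equal
        return False
    if "*" not in p_label:
        return p_label == h_label
    if p_label != "*" and not allow_partial:
        return False              # www*-style names are not honored by every client
    prefix, _, suffix = p_label.partition("*")
    return (len(h_label) >= max(1, len(prefix) + len(suffix))
            and h_label.startswith(prefix) and h_label.endswith(suffix))

def audit_vhosts(conf, cert_name, port="443"):
    """Return (server_name, is_default, covered) for each vhost on `port`."""
    blocks = re.findall(r"<VirtualHost\s+\S+:%s\s*>(.*?)</VirtualHost>" % port,
                        conf, re.S | re.I)
    results = []
    for i, body in enumerate(blocks):
        m = re.search(r"^\s*ServerName\s+([^\s:]+)", body, re.M | re.I)
        name = m.group(1) if m else ""
        results.append((name, i == 0, cert_name_matches(cert_name, name)))
    return results

if __name__ == "__main__":
    for name, is_default, covered in audit_vhosts(SAMPLE_CONF, "*.example.com"):
        print(name, "default" if is_default else "-", "ok" if covered else "NAME MISMATCH")
```

A vhost reported as a mismatch would show clients the certificate error described in BACKGROUND, so it needs a hostname one label below the wildcard's domain or a certificate of its own.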
- geekwisdom's blog


Comments
What about NameVirtualHost directive
I tried to follow this, but apachectl -t gave me warnings and only one vhost was accessible on the given IP even though I used 2 subdomains. Fixed this by using NameVirtualHost directive.
Here's the config that worked for me (with wildcard certificate for *.domain.com):
Listen 10.1.4.252:443
NameVirtualHost 10.1.4.252:443
< VirtualHost 10.1.4.252:443 >
ServerName www.subdomain1.domain.com:443
DocumentRoot /www/domain1
..other vhost stuff here including ssl stuff
< /VirtualHost >
< VirtualHost 10.1.4.252:443 >
ServerName www.subdomain2.domain.com:443
DocumentRoot /www/domain2
..other vhost stuff here including the same ssl stuff
< /VirtualHost >
Apache/2.2.3 on Debian
Note. I had to add spaces in < /VirtualHost > tags as for some reason your website does not display these properly