Simon Waters wrote:
> James Fidell wrote:
>> Simon Waters wrote:
>>
>>> You need an IP address per certificate, as the certificate is the first
>>> thing sent down the line when an https connection is made. This is a sad
>>> hangover from the days before name based virtual hosting, and why we
>>> still get away with charging extra if you want hosting with its own IP
>>> address.
>>
>> It's also possible to use a different port on the same IP address for
>> different SSL-enabled sites -- the important bit is that the webserver
>> can uniquely identify which site a client is connecting to (in order to
>> correctly process the request) when it isn't in a position to decrypt
>> the request itself.
>
> Indeed, but in a world of corporate firewalls you don't want to be
> forcing use of non-standard ports, especially on the bit that collects
> your income.
>
>> I can't think of any other way to achieve that without exposing some of
>> the request details, which is what HTTPS is trying to avoid in the first
>> place.
>
> I'm sure name based virtual hosting with encryption is perfectly easy,
> just as TLS does it for SMTP. The problem is changing all the browsers
> already deployed, in such a way that people trust it. Basically means
> convincing Microsoft, on the upside whoever does it first could make a
> mint in certificate revenues, so it is kind of surprising that Microsoft
> haven't. Someone asleep at the bridge?

If the cert is dependent on IP, then why are SSLCertificateFile and
SSLCertificateKeyFile defined in the virtualhost section?

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
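
An added illustration, not part of the original thread, of the two layouts discussed above: one certificate per IP address, and a second site on a non-standard port of a shared address. The IP addresses, host names and file paths are constructed placeholders.

```apache
# Constructed example: addresses are from the 192.0.2.0/24 documentation
# range; host names and certificate paths are placeholders.
Listen 443
Listen 8443

# Site A: chosen because the connection arrived on 192.0.2.10, port 443.
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.org.key
</VirtualHost>

# Site B: a second IP address, so a second certificate can be presented
# on the standard HTTPS port.
<VirtualHost 192.0.2.11:443>
    ServerName mail.example.net
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mail.example.net.crt
    SSLCertificateKeyFile /etc/ssl/private/mail.example.net.key
</VirtualHost>

# Site C: shares Site A's IP address but listens on a different port.
# Clients behind firewalls that only allow 443 outbound cannot reach it.
<VirtualHost 192.0.2.10:8443>
    ServerName intranet.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/intranet.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/intranet.example.org.key
</VirtualHost>
```

Each block is keyed by the address and port the connection arrived on, which the server knows before it has read any encrypted request data, so the certificate directives inside that block tell it which certificate to present.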