From owner-freebsd-questions  Sat Jul 28 13:20:26 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hotmail.com (f181.law11.hotmail.com [64.4.17.181])
	by hub.freebsd.org (Postfix) with ESMTP id A9A3737B401
	for <freebsd-questions@FreeBSD.ORG>; Sat, 28 Jul 2001 13:20:23 -0700 (PDT)
	(envelope-from t403403@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sat, 28 Jul 2001 13:20:23 -0700
Received: from 12.78.33.115 by lw11fd.law11.hotmail.msn.com with HTTP;	Sat, 28 Jul 2001 20:20:23 GMT
X-Originating-IP: [12.78.33.115]
From: "Terry Witherspoon" <t403403@hotmail.com>
To: bsd-freak@mbox.com.au, freebsd-questions@FreeBSD.ORG
Subject: Re: SSL Certificates
Date: Sat, 28 Jul 2001 15:20:23 -0500
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F181dkSmLAztxc1o8yf000008b1@hotmail.com>
X-OriginalArrivalTime: 28 Jul 2001 20:20:23.0367 (UTC) FILETIME=[BB10DD70:01C117A2]
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


Hi,

See http://www.modssl.org for everything you want to know
about apache-modssl. You cannot do this with name based
hosts.

From the FAQ:

The reason is very technical. Actually it's some sort of a
chicken and egg problem: The SSL protocol layer stays
below the HTTP protocol layer and encapsulates HTTP. When
an SSL connection(HTTPS) is established Apache/mod_ssl has
to negotiate the SSL protocol parameters with the client.
For this mod_ssl has to consult the configuration of the
virtual server (for instance it has to look for the cipher
suite, the server certificate, etc.). But in order to dispatch
to the correct virtual server Apache has to know the Host HTTP
header field. For this the HTTP request header has to be read.
This cannot be done before the SSL handshake is finished. But
the information is already needed at the SSL handshake phase.
Bingo!


>
>Hiya all,
>
>I need to host multiple SSL sites on my FreeBSD 4.3 box. I am currently
>using Apache 1.3 + mod_ssl and am using name based virtual hosts. I don
>have a lot of experience with SSL but maybe someone out ther has.
>
>My question is do I need a seperate digital certificate for each virtual
>host? Going by the Verisign documentation it seems so but is not 100%
>clear.
>
>Does anyone know there answer for certain?
>
>Thank in advance...
>
>  ---------------------------------------------
>  Receive faxes 24x7, no second line necessary.
>            http://www.mbox.com.au/
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message