Colm Buckley, Tue, Apr 10, 2007 at 09:20:47AM +0100:
> The reason is that, with HTTP, virtual hosts are selected using the Host:
> header in the HTTP request. While this is available with HTTPS, the HTTP
> request isn't sent until after the certificates have been exchanged - and
> the hostname of the website is hardwired into the certificate. Other
This won't necessarily pose problems - the only problem was that site
name verification against the "name on papers" (the Common Name) of the
certificate failed. But most browsers nowadays support the AltCN field
in a x.509 certificate, so - provided you can get your hands on a
multiple-CN certificate, even this problem is solved and you _can_ run
multiple https sites on the same ip:port.
Altought I don't know how impossible it may be to obtain a multple-CN
crt from a commercial certification authority, with private authorities
(eg: my employer's) it may be a lot easier.
p.
--
pbm - "oh this rain it will continue till the morning as I'm listening
- to the bells of the cathedral - I am thinking of your voice"
(Suzanne Vega - "Tom's Diner")
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
