• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: setting up SSL and certs
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: setting up SSL and certs

  • Subject: Re: setting up SSL and certs
  • From: Joe Moreno <email@hidden>
  • Date: Wed, 8 Mar 2006 10:28:11 -0800
Gino,

Does anyone know if it is possible to host more than 1 domain under https for name based hosting?
If you're asking if you can host multiple SSL sites on the same server (machine) with different domain names then the answer is Yes. But, you'll need a separate public IP address for each SSL host. The reason is when a client and server communicate over SSL all their information is encrypted (except the source and destination IPs) including the headers (one of which contains the host name your connecting to - this is virtual hosting: multiple domain names on the same server with the same public IP address).

So, the key is to assign multiple public IPs to the SSL server, one for each SSL certificate.

Here's a sample (fictional) http  connection in the clear. Notice that the Host header is apparent.:

010.000.001.101.52349-017.121.212.059.00080: GET /cgi-bin/WebObjects/AppleStore.woa/1/wo/PndTr0TlZKpi9GFdIoSwi0/2.17.13.0.1.0.1.1.1.1.0.4.1 HTTP/1.1
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
Cookie: CNNid=Gaa5116-192592657-1061949753118-1
Referer: http://www.apple.com/cgi-bin/WebObjects/AppleStore.woa/1/wo/PmdTr0TlZKpi9GFdIoSwi0/0.15.0
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8
Connection: keep-alive
Host: www.mac.com

017.121.212.059.00080-010.000.001.101.52349: HTTP/1.1 200 Apple
Date: Wed, 08 Mar 2006 16:56:30 GMT
Server: Apache/1.3.33 (Darwin) mod_ssl/2.8.24 OpenSSL/0.9.7i
Cache-Control: max-age=60
Expires: Wed, 08 Mar 2006 16:57:30 GMT
connection: close
content-length: 22009
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
.<HEAD>
..<META name="generator" CONTENT="WebObjects 4.5">
..<TITLE>My Mac Web Site</TITLE>
.</HEAD>
.<BODY BGCOLOR=#FFFFFF>
..<DIV ALIGN=LEFT>
...<TABLE CELLPADDING=0 BORDER=0 CELLSPACING=0 WIDTH=100%>


Here's a sample SSL connection. The Host header is encrypted so the Web server wouldn't know which SSL certificate to use for decryption. (The info you see in the clear is who issued the certificate and who the certificate was issued to.)

010.000.001.101.52361-017.121.212.059.00443: .m....T............
.......................................................................@...e.|.:DK.A.....qY
017.121.212.059.00443-010.000.001.101.52361: ....J...F..D.....S..mT..yM .
.....0Z1.0...U....US1.0...U..}."T....Vv......lw.................|0..x0.............0
070205063414Z0..1.0...U....US1.0...U.ax Secure Global eBusiness CA-10..
..www.mac.com1<0:..U...3https://services.choicepoint.net/get.jsp?GT041781331'0%..U....See www.rapidssl.com/cps (c)051/0-..U...).V)./:..'p.E.quc~..c...y..F.;y..ux.s.8i..#..M......q.-!.)oD0.>.%.&4....T#.....g............0..0...U...........0...U.......7..>.<....V~..Fm..l0;..U...40200...,.*http://crl.geotrust.com/crls/globalca1.crl0...U.#..0......trPkD..#.....Wkhl0...U.%..0...+.........+.......0..............c..#..v?$+.2....:.}B....y..<......&C.`.zk\..`_....S{~#.*....B......{Q...U.w:...y......u..F....vZ..$...Efp. ...<.........Hr...].........
010.000.001.101.52361-017.121.212.059.00443: ...........4~...>S.~...w..Z....c'.L....'B...t...0..rh..FUVC.;.a...g....w....ig....jm...+ ...7..og.\I.......pL'i<.iZ.l.fO.....
010.000.001.101.52361-017.121.212.059.00443: ......
010.000.001.101.52361-017.121.212.059.00443: ....$.;.Y.L.A>...T!.3.An}c...^....,d..K.{
017.121.212.059.00443-010.000.001.101.52361: ..........$5#...q...L.5.. O4B.F.....6.....:.._~


Make Sense?

- Joe


On Mar 8, 2006, at 04:52:51, Gino Pacitti wrote:
Hi All

I have several domains being hosted on a OSX server and it is named based hosting.

Most domain use port 80 but I have one using 443 with cert installed.

Does anyone know if it is possible to host more than 1 domain under https for name based hosting?

Gino
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: java.lang.outofmemory
  • Next by Date: Re: Starting a direct Action when a file is put into the file system
  • Previous by thread: Re: setting up SSL and certs
  • Next by thread: Re: CustomQueryExpressionHintKey and rawRowKeyPaths? - SOLVED
  • Index(es):
    • Date
    • Thread