Will these name based virtual host work with SSL?

If in my httpd.conf file I have numerous virtual hosts defined with include files like:

Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf
Include /usr/local/apache/conf/conf.d/devl03.conf


If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/?
I believe I would be able to access https://www.mydomain.com securely as well.
I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443?


-Thanks
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Will these name based virtual host work with SSL?

a) no.
b) each virtual host would need a separate address - you cannot use SSL
with name-based virtual hosts.

Best~
-d

bfb21@comcast.net wrote:
> If in my httpd.conf file I have numerous virtual hosts defined with include files like:
>
> Include /usr/local/apache/conf/conf.d/devl00.conf
> Include /usr/local/apache/conf/conf.d/devl01.conf
> Include /usr/local/apache/conf/conf.d/devl02.conf
> Include /usr/local/apache/conf/conf.d/devl03.conf
>
>
> If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/?
> I believe I would be able to access https://www.mydomain.com securely as well.
> I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443?
>
>
> -Thanks
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Will these name based virtual host work with SSL?

bfb21@comcast.net wrote:
> If in my httpd.conf file I have numerous virtual hosts defined with include files like:
>
> Include /usr/local/apache/conf/conf.d/devl00.conf
> Include /usr/local/apache/conf/conf.d/devl01.conf
> Include /usr/local/apache/conf/conf.d/devl02.conf
> Include /usr/local/apache/conf/conf.d/devl03.conf
>
>
> If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/?
> I believe I would be able to access https://www.mydomain.com securely as well.
> I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443?
>

This comes up so often that it is in the Apache SSL FAQ. You may not
have more than one SSL host on any given IP/Port combination.

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2

--
Aaron Dalton | Super Duper Games
aaron@daltons.ca | http://superdupergames.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Will these name based virtual host work with SSL?

ok, with my notes and Aaron's, there *is* something you can do. If you
create the certificate for www.domain.com, you can rewrite HTTPS
requests to something like:

https://www.domain.com/dev100/
https://www.domain.com/dev101/

::tosses 0.02$USD on the table::
-d


Aaron Dalton wrote:
> bfb21@comcast.net wrote:
>> If in my httpd.conf file I have numerous virtual hosts defined with include files like:
>>
>> Include /usr/local/apache/conf/conf.d/devl00.conf
>> Include /usr/local/apache/conf/conf.d/devl01.conf
>> Include /usr/local/apache/conf/conf.d/devl02.conf
>> Include /usr/local/apache/conf/conf.d/devl03.conf
>>
>>
>> If I SSL enable the entire server in the main httpd.conf file, would I be able to access each virtual host on port 443 like https://devl02.mydomain.com/?
>> I believe I would be able to access https://www.mydomain.com securely as well.
>> I guess the question is, can you SSL enable the entire server, and access each virtual host via port 443?
>>
>
> This comes up so often that it is in the Apache SSL FAQ. You may not
> have more than one SSL host on any given IP/Port combination.
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Will these name based virtual host work with SSL?

Thanks for the info. From what I gather I will not be able to access the virtual hosts via SSL since they are name based, unless I use the mod_gnutl apache module. Now my question is, if I purchase only 1 SSL certificate, and I SSL enable the main server like:

https://www.mydomain.com/

Then of cousre, none of the virtual hosts like http://devl01.mydomain.com or
http://devl01.mydomain.com would be accessible via SSL. Would this scneria work with just the main server SSL enabled and all the virtual hosts accessed via port 80?

-Thanks




-------------- Original message ----------------------
From: Aaron Dalton
> bfb21@comcast.net wrote:
> > If in my httpd.conf file I have numerous virtual hosts defined with include
> files like:
> >
> > Include /usr/local/apache/conf/conf.d/devl00.conf
> > Include /usr/local/apache/conf/conf.d/devl01.conf
> > Include /usr/local/apache/conf/conf.d/devl02.conf
> > Include /usr/local/apache/conf/conf.d/devl03.conf
> >
> >
> > If I SSL enable the entire server in the main httpd.conf file, would I be able
> to access each virtual host on port 443 like https://devl02.mydomain.com/?
> > I believe I would be able to access https://www.mydomain.com securely as well.
> > I guess the question is, can you SSL enable the entire server, and access each
> virtual host via port 443?
> >
>
> This comes up so often that it is in the Apache SSL FAQ. You may not
> have more than one SSL host on any given IP/Port combination.
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
>
> --
> Aaron Dalton | Super Duper Games
> aaron@daltons.ca | http://superdupergames.org
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Will these name based virtual host work with SSL?

re-read my previous mail on rewriting the URL.

You *might* want to do something further, like:

http://dev101.domain.com/secure/ gets rewritten to:
https://www.domain.com/dev101/

mod_rewrite is your friend. ok, so it's more like a thug that clubs you
over the head before patting you on the back and handing you a beer -
but it's still your friend.

-d

bfb21@comcast.net wrote:
> Thanks for the info. From what I gather I will not be able to access the virtual hosts via SSL since they are name based, unless I use the mod_gnutl apache module. Now my question is, if I purchase only 1 SSL certificate, and I SSL enable the main server like:
>
> https://www.mydomain.com/
>
> Then of cousre, none of the virtual hosts like http://devl01.mydomain.com or
> http://devl01.mydomain.com would be accessible via SSL. Would this scneria work with just the main server SSL enabled and all the virtual hosts accessed via port 80?
>
> -Thanks
>
>
>
>
> -------------- Original message ----------------------
> From: Aaron Dalton
>> bfb21@comcast.net wrote:
>>> If in my httpd.conf file I have numerous virtual hosts defined with include
>> files like:
>>> Include /usr/local/apache/conf/conf.d/devl00.conf
>>> Include /usr/local/apache/conf/conf.d/devl01.conf
>>> Include /usr/local/apache/conf/conf.d/devl02.conf
>>> Include /usr/local/apache/conf/conf.d/devl03.conf
>>>
>>>
>>> If I SSL enable the entire server in the main httpd.conf file, would I be able
>> to access each virtual host on port 443 like https://devl02.mydomain.com/?
>>> I believe I would be able to access https://www.mydomain.com securely as well.
>>> I guess the question is, can you SSL enable the entire server, and access each
>> virtual host via port 443?
>> This comes up so often that it is in the Apache SSL FAQ. You may not
>> have more than one SSL host on any given IP/Port combination.
>>
>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
>>
>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
>>
>> --
>> Aaron Dalton | Super Duper Games
>> aaron@daltons.ca | http://superdupergames.org
>> ____________________________________________________________ __________
>> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>> User Support Mailing List modssl-users@modssl.org
>> Automated List Manager majordomo@modssl.org
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org