[rt-users] _default_ VirtualHost overlap on port 443, the first has precedence

Jerrad Pierce jpierce at cambridgeenergyalliance.org
Fri Aug 21 11:24:18 EDT 2009


On Fri, Aug 21, 2009 at 11:09, Curtis Bruneau<curtisb at vianet.ca> wrote:
> Each SSL site pretty much needs to be on it's own IP address, the
> reasoning is the cert negotiation isn't name based header as apache
> would. The only other way would be to have them on different ports but
> then you'd have to specify the port when going to the site.

In practice yes, but technically no. SNI allows https to do name-based
virtual hosts,
although mod_ssl (and older browsers) do not support it. For this reason we use
mod_gnutls. http://www.outoforder.cc/projects/apache/mod_gnutls/sni/
-- 
Cambridge Energy Alliance: Save money. Save the planet.



More information about the rt-users mailing list