LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 08-17-2003, 12:24 PM   #1
piratebiter
Member
 
Registered: Aug 2003
Location: desert
Distribution: RH 8, Debian
Posts: 61

Rep: Reputation: 15
Virtual Host type, named or IP via SSL? Named VH is not possible?


I am adding E Commerce webserver (Interchange) for a limited number of clients (less than 100). To serve, I now use Named Virtual Hosts which works well. Maybe? when I try to use SSL, Certificates etc., and add Ecommerce then this will not work. Does this mean I will need an IP addr for EACH client and use IP addr Virtual Hosting to function?
My general layout
RH 8, Apache 2, MySql, PHP, OpenSSH, djbdns
thank you for the help,
the ~piratebiter~hisself

.
 
Old 08-17-2003, 07:32 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
May the mod_ssl FAQ shed light on those wandering in their valley of darkness... http://www.modssl.org/docs/2.4/ssl_faq.html#ToC44
 
Old 08-20-2003, 08:23 AM   #3
piratebiter
Member
 
Registered: Aug 2003
Location: desert
Distribution: RH 8, Debian
Posts: 61

Original Poster
Rep: Reputation: 15
Gee, I hope that moderator has more fun in high school this year, than he did with the trite sophmorish reply?

Why can't I use SSL with name-based/non-IP-based virtual hosts? [L]

The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase. Bingo!

Still never answers the ? Says No, you can't do it, ok then how about a little direction on HOW you do acomplish this. If the reason is "very techinical" maybe he had no clue?
Usually I get a lot of good info here, there are exceptions I guess.
 
Old 08-20-2003, 05:27 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Says No, you can't do it, ok then how about a little direction on HOW you do acomplish this.
If you use name-based VH's, then the VH is in the headers of each request. Based on the "Host" header the server seeks the corresponding VH. With SSL, the WHOLE request is encrypted, garbled, obfuscated. This means the server has NO access to the Host header before authentication is set up, so the server has NO clue which VH the request should be assigned to.

AFAIK in your situation IP-based VH is the way to go (the 3rd but unusable form of VH being port-based). In short: point the domains' CNAME's to the IP of the VH server, bind the IP's to your public eth, then configure each VH with its own cert. *There's also something like "wildcard certs" but I'm not familiar with them and from what I've read they're rather expensive.


Finally, your expressions of frustration and ineptitude clearly have no bearing on who I am or what I wrote. Please read up on basic netiquette and to try remain respectfull towards your fellow LQ members at all times.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache named virtual host config darthtux Linux - Software 8 04-19-2005 02:38 AM
apache 2 named virtual servers : server path djbar Linux - Networking 0 03-21-2004 10:05 AM
cannot find named.conf and /var/named kaushikma Red Hat 1 02-07-2004 12:49 PM
Trouble with Named based Virtual hosting in Apache 2 IanChristie Linux - Networking 16 11-07-2003 02:04 PM
named based virtual hosting newbie nickblue Linux - Networking 9 08-04-2003 11:39 PM


All times are GMT -5. The time now is 04:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration