[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: ssl and ip masquerade
****** message to minivend-users from "Mike Wolf" <mdwolf@okdirectpets.com> ******
You can get a wildcard certificate. My provider uses one from Thaute. It has
*.securedsites.com for the registered name in the cert. Then they provided
an alias to my website address as okdirect.securedsites.com. I put that in
minivend.
Mike Wolf
Orchard Kennels
Walworth, NY
www.okdirectpets.com
Your source for kennel tested pet supplies
-----Original Message-----
From: Geoffrey D. Bennett <g@netcraft.com.au>
To: Ben Donohue <donohueb@bvm.com.au>
Cc: minivend-users@minivend.com <minivend-users@minivend.com>;
linuxsa@linuxsa.org.au <linuxsa@linuxsa.org.au>
Date: Thursday, April 01, 1999 2:18 AM
Subject: Re: ssl and ip masquerade
>****** message to minivend-users from "Geoffrey D. Bennett"
<g@netcraft.com.au> ******
>
>> i've heard (read) that virtual hosts in apache will not work with ssl.
>> so in order to use ssl with apache, you need different ip numbers for
>> each site (domain name etc).
>>
>> the question is,
>> will ssl work with one of the private ip numbering ranges (192.168.0.0)
>> and then masqueraded out to one public ip address, such that many
>> different sites have one public ip address and then masqueraded to the
>> private 192.168.0.0 ssl server,
>
>No, it won't.
>
>> or
>> you need one public ip address for every different site for ssl and
>> apache?
>
>Yes, but the limitation is in the protocol, not in Apache.
>
>It's a catch-22:
>- the server needs to know which virtual host is being contacted
> before it can negotiate an SSL connection
>- the server doesn't find out which host is being contacted until the
> HTTP request is sent (unless you have separate IP addresses for each
> virtual host)
>- the HTTP request can't be sent until SSL has been negotiated (after
> all, you are encrypting this information)
>
>Regards,
>--
>Geoffrey D. Bennett (geoffrey@netcraft.com.au)
>Computer Systems Manager, NetCraft Australia
>http://www.netcraft.com.au/geoffrey/
>Red Hat Linux Resellers: http://www.netcraft.com.au/linux/
>-
>To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
>email with 'UNSUBSCRIBE minivend-users' in the body to
Majordomo@minivend.com.
>Archive of past messages: http://www.minivend.com/minivend/minivend-list
>
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
