RE: [webmin-l] SSL

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

When you say "not effectively" you mean it wouldn't work? If I could type on
my browser http://www.thataddress.com/ and have it proxied to
http://www.thataddress.com:8080/ then it would be great because none of my
clients would need to know what "non-standard" port the website is being
forwarded. Now, with this in mind I know that I can install multiple SSL
certificates in one shared IP where all web addressed would use a
non-standard port. Indeed, I could secure many websites sharing the same ip
without having obligating my customers to know port numbers.

Is it possible?

Ravi.

  _____  

From: Jason Sheets [mailto:js...@id...] 
Sent: Friday, March 24, 2006 11:32 PM
To: mai...@ra...
Subject: Re: [webmin-l] SSL

The problem ultimately is the browser opens the connection to the IP and
exchanges encryption keys before the HTTP request is sent, so there is no
way for the web server to know what virtual host it should be serving. As
far as I'm aware of there is no solution for virtual hosting multiple
domains with SSL on a single IP without using different ports, not because
of a web server restriction but a protocol one.

So when you opened the SSL connection to temp.com it would connect to port
443 which would send whatever SSL certificate was configured for that IP,
then your browser would send the HTTP request which would be relayed to the
other port; the end result is you would still wind up with an SSL / site
mismatch.

Ultimately if you want to offer SSL hosting with non shared SSL certificates
you need to either give each host it's own IP, or assign it a non standard
port on a shared IP.  

You could proxy over http effectively (this is how we offer both PHP4 and
PHP5 support on our apache servers) but not effectively with SSL.

J

Ravi Gehlot wrote: 

"SSL will require an IP address per domain.  (Actually, it is possible to
put multiple domains on one IP but you would need to use non-standard port
numbers)."

If I use non-standard port numbers like 8080 or 8888 for
http://www.temp.com:8080/ could I proxy http://www.temp.com/ to go to
http://www.temp.com:8080 <http://www.temp.com:8080/>  so people wouldn't
need to type the port? This way I could use multiple SSL domains in one IP.

Ravi.

RE: [webmin-l] SSL

A web-based interface for system administration of UNIX

RE: [webmin-l] SSL