[Gllug] Couple of questions about HTTPS
Richard Jones
rich at annexia.org
Wed Nov 17 21:40:23 UTC 2004
On Wed, Nov 17, 2004 at 09:26:19PM +0100, Ian Norton wrote:
> As far as I am aware apache ssl requires you to use 1 ip per SSL site as
> it does not support http/1.1 and the 'host' directive used where you do
> virtual hosting. If you are at a hosting company, IP addresses tend to
> be farily cheap anyway, if memory serves not more than a tenner for 5 or
> so each year.
I read up on this, and the restriction seems to arise because the Host
header is part of the HTTP request, and is therefore encrypted. You
can't decrypt the HTTP request until you know the key, and you can't
get the (right) key until you have the Host header. So now I
understand! Are there alternatives? Running the different virtual
hosts on the same IP address but with different port numbers perhaps?
> You can become your own signing authority, and sign your user sites from
> that authority, most people wont notice or care that much really, as
> long as you remain consistant and present clear information about your
> certs when people go to login you wont have that much trouble, that
> said, getting signed wont do you much harm, make sure you have
> everything all working perfectly before you do though,
I'm quite surprised that Firefox doesn't bundle any "free" CA
certificates. I just checked and Firefox 0.9 just includes the usual
suspects like Verisign and Thawte. I don't understand why they give
these companies a free ride, and why a free alternative which just,
say, verifies email addresses doesn't exist. ... Perhaps time to set
one up!
Rich.
--
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
>>> http://www.team-notepad.com/ - collaboration tools for teams <<<
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
Use Perl libs in OCaml - http://www.merjis.com/developers/perl4caml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20041117/5ecd6cbe/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list