Re: SSL & Host Header Names
From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 05/28/03
- Next message: BB: "Re: errore 0xC00402C7: what happens?"
- Previous message: Dino Chiesa [MSFT]: "Re: idsonline"
- In reply to: Karl Levinson [x y] mvp: "Re: SSL & Host Header Names"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 May 2003 03:50:28 GMT
In article <#8GIESLJDHA.2052@TK2MSFTNGP11.phx.gbl>, "Karl Levinson [x y]
mvp" <levinson_k@despammed.com> wrote:
>You can't use host headers with SSL. But you can use host headers on the
>unencrypted home page that redirects users to the SSL page, and then also
>use either different port numbers or different IP addresses for each web
>site.
There is light at the end of the tunnel, though:
http://www.ietf.org/internet-drafts/draft-ietf-tls-extensions-06.txt
specifies an extension to the ClientHello, that includes the ability to
request a specific host name. It may eventually get approved, and it may
eventually get implemented. We'll see how long that takes - I wouldn't
expect it soon. For now, it's worth accepting that TLS / SSL requires that
the (single) certificate gets sent by the server before the host header is
received from the client, so different certificates require different
combinations of IP and port. If your several hosts are host1.example.com,
host2.example.com, host3.example.com, you can use a wild-card certificate,
with a name of *.example.com - otherwise, you'll need to work around it.
Alun.
~~~~
- Next message: BB: "Re: errore 0xC00402C7: what happens?"
- Previous message: Dino Chiesa [MSFT]: "Re: idsonline"
- In reply to: Karl Levinson [x y] mvp: "Re: SSL & Host Header Names"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
