Re: SSL Certs for IP Based Virtual Hosts

To: Tenon Information Services <info@xxxxxxxxx>, itools@xxxxxxxxxxxxxxx
Subject: Re: SSL Certs for IP Based Virtual Hosts
From: citizen <citizen@xxxxxxxxxxx>
Date: Tue, 23 Sep 2003 01:40:34 -0400
Dear Tenon,

Thank you for your speedy reply.  David on the itools list had the following 
reply.

==============================

> Does this mean that if abc.com has an SSL Cert and is assigned to ip address
> 209.345.455.106, that def.com, ghi.com, and hij.com which are also assigned to
> the same ip address (209.345.455.106) will also use the same SSL Cert for abc.com
> eliminating the need to buy one for each domain name?

Not exactly.

A standard SSL Cert deals with a specific domain name (ie: www.bob.com,
news.bob.com, events.bob.com), although it is possible to get a so-called
wildcard cert that deals with *.bob.com if you want to pay more.

Because your server will apply a single SSL cert to all connections made to
a specific IP, it's still possible to make connections to other domains
hosted on the same IP over SSL. However, doing so will trigger the domain
cert for whatever.bob.com and the browser will throw up one of those happy:
"This appears to be an invalid certificate- the domain name does not match",
warning windows.

David Kazias
Eternity Web Designs Inc.
===============================

Does this mean that whenever anyone goes to another virtual host on the same IP
address, say hij.com instead of abc.com (eg. abc.com has the ssl certificate) then

"the browser will throw up one of those happy:
"This appears to be an invalid certificate- the domain name does not match",

Is there some way to get around this BROWSER WARNING?  Or is David incorrect?

thanks for any insight,

citizen






> At 1:31 PM -0400 9/22/03, citizen wrote:
> >Dear itoolers,
> >
> >On page 132 of the itools7 macosx guide, the following sentence can be found.
> >
> >"Name based virtual hosts (hosts that share an IP
> >address) must share the certificate of the common IP
> >host. By default, iTools associates a certificate issued
> >to an IP based virtual host with all configured name
> >based virtual hosts that share that IP address."
> >
> >Does this mean that if abc.com has an SSL Cert and is assigned to ip address
> >209.345.455.106, that def.com, ghi.com, and hij.com which are also assigned to
> >the same ip address (209.345.455.106) will also use the same SSL Cert for abc.com
> >eliminating the need to buy one for each domain name?
> >
> 
> If you only have one IP address, you can only get one cert.
> So, yes, they will all use the same cert.
> This actually defeats the purpose of a cert being used to absolutely 
> identify a specific entity, but you wouldn't be the first to do this.
> -TTS
> 
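
The name check discussed in this thread, as an added example that is not part of the original messages or of iTools: it lists which virtual hosts sharing one IP (and therefore one certificate) would produce the browser's "domain name does not match" warning, including the single-label wildcard case. Assumptions: the certificate is given in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, the function names are hypothetical, subjectAltName is preferred with the common name as a fallback, and the sample certificates and host lists are constructed.

```python
# Added example: which name-based virtual hosts on a shared IP will trigger a
# browser name-mismatch warning for the one certificate served on that IP.
# Certificate dicts follow the shape of ssl.SSLSocket.getpeercert(); the
# sample certificates and host lists below are constructed.

def cert_dns_names(cert):
    """Return the DNS names a certificate asserts (SAN first, CN as fallback)."""
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, hostname):
    """Match one certificate name against a hostname.

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label: *.bob.com matches news.bob.com, not bob.com or a.b.bob.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as *.com.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def mismatched_vhosts(cert, vhosts):
    """Virtual hosts for which a browser would report a name mismatch."""
    names = cert_dns_names(cert)
    return [v for v in vhosts if not any(name_matches(n, v) for n in names)]

# Constructed sample: one cert for abc.com served for every host on the IP.
SINGLE = {"subject": ((("commonName", "abc.com"),),)}
# Constructed sample: a wildcard cert as described in the thread.
WILDCARD = {"subject": ((("commonName", "*.bob.com"),),),
            "subjectAltName": (("DNS", "*.bob.com"),)}

if __name__ == "__main__":
    print(mismatched_vhosts(SINGLE, ["abc.com", "def.com", "ghi.com", "hij.com"]))
    print(mismatched_vhosts(WILDCARD,
                            ["www.bob.com", "news.bob.com", "bob.com", "hij.com"]))
```

Running the same function over a server's configured virtual-host list before deployment shows which hosts need their own IP and certificate.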