Multiple HTTPS sites on one IP address, was: Re: [CentOS] Self-signed certificates

Tue Jan 24 09:57:22 UTC 2006
Chris Croome <chris at webarchitects.co.uk>

Hi

On Tue 24-Jan-2006 at 10:40:44AM +0100, Ralph Angenendt wrote:
> Chris Croome wrote:
> > 
> >   http://wiki.cacert.org/wiki/VhostTaskForce
> 
> Thank you very much for that information.

No problem, this wiki page isn't the easiest to follow... I'll see if I
can do a better one...

> On the other hand that issue would be much easier if browsers and
> webservers knew how to do "STARTTLS", so that the domain name the
> request is going to is known by the webserver. The session *then* can
> be encrypted with the key for exactly that domain.

Right, this is the RFC that covers this?

- HTTP Over TLS
  http://www.ietf.org/rfc/rfc2818.txt

I'd like to see servers and browsers supporting RFC 2817 also, but
I seem to remember that when it was raised on Mozilla's bugzilla there
wasn't much support for it... and there are issues with it, see
discussion of it on the Apache site [1]:

- Upgrading to TLS Within HTTP/1.1
  http://www.ietf.org/rfc/rfc2817.txt

Chris

[1] http://www.google.com/search?q=rfc2817+site%3Aapache.org

-- 
Chris Croome                               <chris at webarchitects.co.uk>
web design                             http://www.webarchitects.co.uk/ 
web content management                               http://mkdoc.com/
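
Added example (not part of the original message, and not code from Apache or Mozilla): a sketch of the server side of the RFC 2817 upgrade discussed above, where the Host header arrives in clear text before the TLS handshake, so the certificate can be chosen per virtual host on one IP address. The host names, certificate paths, function names and the 400 reply for an unknown host are assumptions made for this illustration.

```python
# Added illustration of the RFC 2817 "Upgrade: TLS/1.0" exchange.
# Host names and certificate paths below are constructed sample values.
VHOST_CERTS = {
    "shop.example.org": "/etc/pki/tls/certs/shop.example.org.crt",
    "mail.example.org": "/etc/pki/tls/certs/mail.example.org.crt",
}

def parse_headers(raw: bytes):
    """Return (request_line, {lowercased header name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def tokens(value: str):
    """Split a comma-separated header value into lowercased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def handle_cleartext_request(raw: bytes):
    """Decide what to do with a request received before any TLS handshake.

    Returns (response_bytes, cert_path). cert_path is set only when the
    server should begin the TLS handshake right after sending the response.
    """
    _, headers = parse_headers(raw)
    wants_tls = ("tls/1.0" in tokens(headers.get("upgrade", ""))
                 and "upgrade" in tokens(headers.get("connection", "")))
    if not wants_tls:
        return None, None  # ordinary HTTP request, no upgrade requested
    # The Host header is readable here, before any key is chosen.
    host = headers.get("host", "").split(":")[0].lower()
    cert = VHOST_CERTS.get(host)
    if cert is None:
        # Example policy (an assumption): refuse rather than fall back
        # to some other virtual host's certificate.
        return b"HTTP/1.1 400 Bad Request\r\n\r\n", None
    response = (b"HTTP/1.1 101 Switching Protocols\r\n"
                b"Upgrade: TLS/1.0, HTTP/1.1\r\n"
                b"Connection: Upgrade\r\n\r\n")
    return response, cert

# Constructed request in the form RFC 2817 uses for a client-requested upgrade.
SAMPLE = (b"OPTIONS * HTTP/1.1\r\nHost: mail.example.org\r\n"
          b"Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n")
```

Both the Host header and the Upgrade request travel unencrypted in this scheme, so the result is only as trustworthy as the path the clear-text request crossed.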