[ale] Multiple virt https hosts under Apache/mod_ssl

Chuck Huber chuck at cehuber.org
Thu Jan 2 10:23:03 EST 2003


On Thu, Jan 02, 2003 at 08:58:45AM -0500, Jim Popovitch wrote:
> I think the problem/limit is within Apache and mod_ssl.

No... Jerry's right when he says it's the protocol.  In an abbreviated fashion,
here's what happens in SSL:

    Client:  <connects to server>
    Server: "Here's my public key" <sends public key to client.>
    Client: Generates 128-bit symmetrical key and encrypts it with
            the server's public key.  Sends encrypted symmetric key
            to server.
    From this point on, all communication between the client and the
    server is encrypted with the 128-bit symmetric key that was generated
    by the client.

That's SSL - it has nothing to do with x503 certificates. The
problem is that when the client connects to the server, the server must
be able to determine which public key to send.  The only information the
server has to do so is IP address and port.

> otherwise as I am looking to avoid having 7 separate Apache installations on
> one box.  ;)

I'll try a couple of things and let you know if I get it to work.

Enjoy,
    - Chuck

-- 
"The purpose of encryption is to protect good people
from bad people, not to protect bad people from the government."
     Scott McNealy, CEO Sun Microsystems
"The best way for government to control people is to remain in
   a constant threat of war." ---Karl Marx
(18 USC 242), which applies to government agents overstepping their
authority:
  "Whoever, under color of any law, statute, ordinance, regulation,
  or custom, willfully subjects any person in any State, Territory,
  or District to the deprivation of any rights, privileges, or
  immunities secured or protected by the Constitution or laws of
  the United States, . . . shall be fined under this title or
  imprisoned not more than one year, or both . . ."
