On Tuesday 06 January 2004 09:43 pm, Cynthia Kiser wrote:
What you have done is not impossible - but it is the only possible option and most folks find it unacceptable. You have to use the same certificate for all hosts and so all but one of them will pop up the name mismatch warning message. In a number of situations, that is unacceptable. For example, would you give your credit card # to a site that did not have its own SSL certificate?
I understand that. I indicated in my post that the shared certificate was a problem with the setup, though I probably underplayed its significance. For the specific sites involved it is not at all critical (the SSL is perhaps superfluous to begin with), and they are in use by a limited number of people who can easily be made aware of the certificate warning issue. I was just responding to the above post, which stated that such configurations were entirely impossible, not merely ill-advised. That post was in turn a response to a post which claimed that it was possible as long as you were willing to share a certificate among multiple hosts, a point upon which we both agree and the above post disagreed. The links in that post seem to bear out the claim that NameVirtualHost is entirely impossible under SSL with Apache 2.0 (according to the documentation; I've never tried). I simply intended to point out that at least in earlier versions (still in widespread use) it is doable. There are certainly instances where such a configuration can be useful, despite its imperfections.

Alec