Apache, Zope, and SSL with dynamic IP?
Hi, I wonder if anyone can point me to a howto to use Apache (https) as the front-end for a Zope server using a dynamic IP (cable) I have looked through the howto docs at zope and specially http://www.zope.org/Members/unfo/apache_zserver_ssl, but it seems that virtual hosts is not an option with ssl (?) Any suggestions or conf file examples? TIA, J
On Wed, 2002-07-24 at 11:14, Jordi YC wrote:
Hi,
I wonder if anyone can point me to a howto to use Apache (https) as the front-end for a Zope server using a dynamic IP (cable)
I have looked through the howto docs at zope and specially http://www.zope.org/Members/unfo/apache_zserver_ssl, but it seems that virtual hosts is not an option with ssl (?)
Any suggestions or conf file examples?
TIA,
J
An SSL-using virtual host is configured just like any other virtual host from Apache's persective (and therefore to Zope's as well assuming you're using ProxyPass or something to shift the traffic to Zope). I would expect issues with that dynamic IP, though -- SSL certificates are tied to IP addresses, which means the only cert you can use is the testing cert that comes with mod_ssl. -- Jack Coates Monkeynoodle: A Scientific Venture...
On 24 Jul 2002, Jack Coates wrote:
would expect issues with that dynamic IP, though -- SSL certificates are tied to IP addresses, which means the only cert you can use is the
Nope, a cert is tied to the *host name*. Stefan
Stefan H. Holek writes:
would expect issues with that dynamic IP, though -- SSL certificates are tied to IP addresses, which means the only cert you can use is the
Nope, a cert is tied to the *host name*. I read in the Apache documentation (about virtual hosts) that named virtual hosts cannot be supported for SSL "due to the nature of the SSL protocol", only IP based virtual hosts.
Dieter
Dieter Maurer <dieter@handshake.de> wrote:
... virtual hosts cannot be supported for SSL "due to the nature of the SSL protocol", only IP based virtual hosts.
In my own simple mind I have this filed as a catch22 class thing: to do virtual SSL hosts on one IP a server would need to know which virtual host is targetted to serve the right certificate. But it can't do that without negotiating with a certificate to get access to the clear datastream first ... N.
On Fri, 2002-07-26 at 01:05, Nigel Head wrote:
Dieter Maurer <dieter@handshake.de> wrote:
... virtual hosts cannot be supported for SSL "due to the nature of the SSL protocol", only IP based virtual hosts.
In my own simple mind I have this filed as a catch22 class thing: to
do virtual SSL hosts on one IP a server would need to know which virtual host is targetted to serve the right certificate. But it can't do that without negotiating with a certificate to get access to the clear datastream first ...
N.
but if the negotiation is done by an Apache vhost before it ProxyPasses the request to Zope.... -- Jack Coates Monkeynoodle: A Scientific Venture...
participants (5)
-
Dieter Maurer -
Jack Coates -
Jordi YC -
Nigel Head -
Stefan H. Holek