mod_gnutls: NameVirtualHost gets wrong Cert
Charley Collins
charley.internet at collins.ch
Wed Oct 15 22:19:59 CEST 2008
Thank you for your answers.
IE7, Firfox and Opera 8 support Server Name Indication, but I did not
know that IE7 on Xp does NOT support Server Name Indication. This was my
Problem...
Regards
Charley
Daniel Kahn Gillmor schrieb:
> On Wed 2008-10-15 04:59:39 -0400, Sebastien Decugis wrote:
>
>
>> According to your configuration file, you are using two virtualhosts
>> with the same IP address and different names. It is impossible to
>> use https in this configuration.
>>
>
> This is no longer the case with modern TLS clients, and the poster has
> a legitimate question. For example, for years now people have been
> able to use a single certificate with a single TLS service (on a
> single port of a single IP address) with all target names listed in an
> X.509v3 SubjectAltName extension in the certificate itself.
>
> But the OP is asking about being able to switch certificates based on
> the host name, which is a TLS extension known as "Server Name
> Indication". Please see:
>
> http://tools.ietf.org/html/rfc4366#section-3.1
>
> The question is very much relevant to gnutls, since mod_gnutls is one
> of the first apache modules to implement support for this extension.
>
> Sorry i don't have any answers myself!
>
> --dkg
>
More information about the Gnutls-devel
mailing list