Hi,
On Thu, Jul 05, 2001 at 01:05:55PM +0200, Martin Hierling wrote:
> > 2. https certificates are by url name, not by IP. You can have any number
> > of certificates on a real-server.
>
> Partly correct.
> You can´t do Name Based VHosts, because the SSL Stuff is done before HTTP
> snaps in. So at the Beginning there is only the IP:Port and no
> www.domain.com.
> Look at http://www.modssl.org/docs/2.4/ssl_faq.html
> "Why can't I use SSL with name-based/non-IP-based virtual hosts?"
Yes. With LVS-NAT this would be no problem (targeting different
ports on the RS's). But with direct routing i need different virtual IP's
on the RS. The qustion: will the return traffic use the VIP-IP by
default? Otherwise the client will notice the mismatch during the SSL
handshake.
Cheers,
Dirk
|