Bug #680
closed
Virtual hosts do not support multiple certificates.
Description
Trying to get more than one certificate working. Each virtual host should have its own certificate file. Right now, only the first certificate file is used.
Example simplified profile (only pertinent lines kept)...
server.port = 443
ssl.engine="enable"
ssl.pemfile="/etc/lighttpd/ssl/intranet.pem" # don't really want this here!
$HTTP["host"] =~ "intranet.example.com" {
    ssl.pemfile="/etc/lighttpd/ssl/intranet.pem"
}
$HTTP["host"] =~ "wiki.intranet.com" {
    ssl.pemfile="/etc/lighttpd/ssl/wiki.pem"
}
-- mwlang
Updated by Anonymous almost 19 years ago
It's impossible to set up name based virtual hosts for HTTPS. You need one IP per HTTPS host.
The name used to select the correct virtual host is carried in the HTTPS traffic and is therefore encrypted. Before it can be decrypted, the web server has to select an appropriate certificate to offer to the browser, but to do that it needs to know which site it's serving.
-- skithund
Updated by Anonymous almost 18 years ago
> It's impossible to set up name based virtual hosts for HTTPS. You need one IP per HTTPS host.

Not quite right if you're using the TLS feature SNI: see http://trac.lighttpd.net/trac/ticket/386 and http://wiki.cacert.org/wiki/VhostTaskForce under Nr. 5.
Only Safari does not support this technique, as you can see in the "Interoperability Test".
-- descartes
Updated by asliebe over 17 years ago
I'd really appreciate any development on this. Imagine how this could help users with a dynamic dial-in account using some sort of dynamic DNS service and SSL.
@jan, you could change the milestone to 1.5 and raise the severity and/or priority; this may draw some attention from the developers to this.
Updated by jan over 17 years ago
- Status changed from New to Fixed
- Resolution set to invalid
closing as "invalid"
the feature request is another ticket: #386