[96535] in RedHat Linux List
SSL question
daemon@ATHENA.MIT.EDU (Justin Kuntz)
Tue Oct 27 19:31:14 1998
From: "Justin Kuntz" <jkuntz@prominic.com>
To: redhat-list@redhat.com, aix-digest@dmshome.org
Date: Tue, 27 Oct 1998 18:29:43 -0600
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
I am curious about how SSL connections work. I know this isn't a web
server forum, but this is one of the few mailing lists I stay on because of
the depth and breadth of user knowledge that frequently monitor this list.
So, I am hoping one of you really bright people can help me understand this
process. :)
Basically, the goal is to have a single SSL key work for multiple virtual
domains. Right now I am trying to do this with Lotus Domino v4.6.2 (I am
hoping for a Linux port of it soon) on AIX v4.3. I tried doing something
similar with StrongHold under Red Hat Linux v5.1 a couple of months ago and
had a lot of problems with Stronghold, unfortunately. This was probably
more my fault than theirs, but anyway...
So, here is what I understand happens (in both Domino specifically and
SSL-capable Web servers in general):
1) The web server process starts up and binds to ports 80 and 443 by
default.
2) The server checks to see what Fully Qualified Domain Name (FQDN) it
should bind to, such as www.yourcompany.com. It also binds to any other
specified virtual domains -- in our case we will say it also binds to
www.mycompany.com.
3) The server then loads the SSL Key Ring Certificate that was specified by
the administrator. At this point initialization is complete (for my
purposes here) and we are ready to accept client connections.
Someone on the Net loads Netscape, IE, or another browser and types in
www.yourcompany.com. The default page loads using standard HTTP, and the
user clicks on the 'buy product' link (for example) which takes us to an
HTTPS / SSL protected page. Now the fun begins, and each browser seems to
handle it differently.
Netscape handshakes with the web server and the Certificate Authority
(VeriSign, Thawte, etc.) to generate the SSL encryption for the current
session. v4.05 on NT (what I just tested) seems to ignore if the Common
Name in the SSL key is different from the FQDN of the current site. IE v4
on NT (and presumably other browsers), however, WARNS the user if the FQDN
of the site is different from that of the SSL key. This means if I were to
go to the same page at www.mycompany.com under IE, I get a warning.... even
though www.mycompany.com is really just an alias (virtual domain) for the
same site as www.yourcompany.com.
Thus, the problem: how to make a *SINGLE* SSL key work with multiple
browsers using multiple virtual hosts. Any ideas?
Thank you,
Justin Kuntz
Prominic Technologies, Inc.
http://www.prominic.com
Voice: 217-244-4296 x 101
Fax: 217-244-4560
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.