From: Mike Fischer (mike.fischer_at_ipsi.fraunhofer.de)
Date: Fri 26 Sep 2003 - 13:53:51 BST
Paul Sladen wrote:
> On Fri, 26 Sep 2003, Mike Fischer wrote:
>>Sam Stickland wrote:
>>
>>>Out of interest, why are you alloacting an IP address per VirtualHost?
>>SSL. Can't run SSL on VirtualHosts without an assigned IP-Address.
> You /can/ run multiple SSL sites on the same IP. Just that you cannot have
> a proper /certficate/ for more than one.
Yes and this way you hinder all progress people are trying to make in
setting up proper security procedures (and getting users to be aware of
them).
Certificates are completely useless unless used with the corresponding
server. Anything else would be like everyone from one family sharing the
same ID-card with the grandfathers photo on it. Only the cops don't just
click away one pesky window...
Let's not argue about this. I'm glad for your shared wisdom and that I
didn't have to find out the hard way about the IPROOT cap. And I promise
not to waste so many IP-addresses.
>>Hope not everyone will want SSL access.
> Unless they are willing to pay SEVERAL HUNDRED DOLLAH extra for the
> signed certificate, they're hardly going to be wanting SSL...
>
Company has it's own root-CA. It's sufficient for what SSL is currently
being used for.
Thanks for the help.
Regards,
Mike