Posted to users@httpd.apache.org by "Gulati, Sushant" <Su...@altisource.com> on 2011/06/17 15:51:35 UTC

[users@httpd] Wildcard SSL Certificate Traffic Segregation

First of all I really appreciate all the help I've received from this
mailing list. 

 

We have a setup with a Wildcard SSL certificate for *.mydomain.com.
There is a Tomcat server running in the background integrated with
Apache through mod_jk. Till now, all the requests to www.mydomain.com
were redirected to www.mydomain.com/mycontext/ . Similarly all requests
to abc.mydomain.com were redirected to abc.mydomain.com/mycontext/ . 

 

Now we have a new requirement to have all requests to www.mydomain.com
to be redirected to Tomcat A with the context root as mycontext and any
other request, e.g. abc.mydomain.com or def.mydomain.com to be
redirected to Tomcat B with mycontext as the context root. The Name
based Virtual Hosting will not work probably because of the SSL traffic.
I am also thinking of using different context roots for different URLs,
to segregate the traffic. Any help/suggestions/pointers would be most
welcome :)

 

Regards,

Sushant Gulati

________________________________________________________________________
_______

 




*******************************************************************************************************

This E-mail message and its attachments, if any are intended solely for the use of the addressee hereof. In addition, this message and the attachments, if any may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. 


Delivery of this message to any person other than the intended recipient is not intended to waive any right or privilege. If you have received this message in error, please promptly notify the sender by reply E-mail and immediately delete this message from your system.  Instructions transmitted over this system are not binding on us until they are confirmed by us. Message transmission is not guaranteed to be secure or free of software virus. While Altisource Portfolio Solutions and its subsidiaries collectively "Altisource" takes every reasonable precaution to minimize such risks, Altisource cannot accept liability for any damage sustained by you or any third party as a result of software viruses.

*******************************************************************************************************


RE: [users@httpd] Wildcard SSL Certificate Traffic Segregation

Posted by "Gulati, Sushant" <Su...@altisource.com>.
Thanks a lot for your help Tom. I will try it out at my end.

Regards,
Sushant Gulati


Re: [users@httpd] Wildcard SSL Certificate Traffic Segregation

Posted by Tom Evans <te...@googlemail.com>.
On Fri, Jun 17, 2011 at 2:51 PM, Gulati, Sushant
<Su...@altisource.com> wrote:
> First of all I really appreciate all the help I’ve received from this
> mailing list.
>
>
>
> We have a setup with a Wildcard SSL certificate for *.mydomain.com. There is
> a Tomcat server running in the background integrated with Apache through
> mod_jk. Till now, all the requests to www.mydomain.com were redirected to
> www.mydomain.com/mycontext/ . Similarly all requests to abc.mydomain.com
> were redirected to abc.mydomain.com/mycontext/ .
>
>
>
> Now we have a new requirement to have all requests to www.mydomain.com to be
> redirected to Tomcat A with the context root as mycontext and any other
> request, e.g. abc.mydomain.com or def.mydomain.com to be redirected to
> Tomcat B with mycontext as the context root. The Name based Virtual Hosting
> will not work probably because of the SSL traffic. I am also thinking of
> using different context roots for different URLs, to segregate the traffic.
> Any help/suggestions/pointers would be most welcome :)
>
>
>

Name based vhosts work well with SSL as long as you are serving all
vhosts using the same certificate. If this is a wildcard certificate,
and all the domains used in the vhosts are covered by that
certificate, then name based vhosts will work fine.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
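
An added configuration sketch of the name-based approach described in the reply above (not part of the original thread and not the poster's own configuration). It uses Apache 2.2 syntax with mod_ssl and mod_jk. The worker names tomcatA and tomcatB, the certificate paths and the second ServerName are assumptions, and both workers are assumed to be defined in the workers.properties file that the global JkWorkersFile directive points to.

```apache
# Added example. Worker names and file paths below are placeholders.
NameVirtualHost *:443

# Listed first on purpose: it matches www.mydomain.com exactly, and as the
# first vhost for this address it is also the default, so any request whose
# Host header matches no vhost is handled here as well.
<VirtualHost *:443>
    ServerName www.mydomain.com

    SSLEngine on
    # Same wildcard certificate in every vhost on this address, so the
    # certificate presented during the handshake covers the requested name.
    SSLCertificateFile    /path/to/wildcard.mydomain.com.crt
    SSLCertificateKeyFile /path/to/wildcard.mydomain.com.key

    # Send the bare host name to the context root, then hand it to Tomcat A.
    RedirectMatch ^/$ /mycontext/
    JkMount /mycontext   tomcatA
    JkMount /mycontext/* tomcatA
</VirtualHost>

# Every other name covered by the wildcard certificate goes to Tomcat B.
<VirtualHost *:443>
    ServerName abc.mydomain.com
    ServerAlias *.mydomain.com

    SSLEngine on
    SSLCertificateFile    /path/to/wildcard.mydomain.com.crt
    SSLCertificateKeyFile /path/to/wildcard.mydomain.com.key

    RedirectMatch ^/$ /mycontext/
    JkMount /mycontext   tomcatB
    JkMount /mycontext/* tomcatB
</VirtualHost>
```

Running apachectl -S after loading a configuration like this prints which vhost is the default for *:443 and which names map to which vhost.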


Re: [users@httpd] Wildcard SSL Certificate Traffic Segregation

Posted by Margus Pärt <ma...@tione.eu>.
If you are using only SSL without client (smartcard etc.)
authentication, you could do it so:

<VirtualHost SSL_IP:SSL_PORT>
  ...
  ProxyPass / http://localhost/
  ProxyPassReverse / http://localhost/
  ...
</VirtualHost>

(Also, you should have mod_rpaf taken into use for correct IPs. You
would be doing double proxying, but could have the name-based thing working
fine.)

Another solution would be doing conditional rewriting in SSL host for
hostname
(http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritecond).

Br,
Margus



On Fri, 2011-06-17 at 19:21 +0530, Gulati, Sushant wrote:
> First of all I really appreciate all the help I’ve received from this
> mailing list. 
> 
>  
> 
> We have a setup with a Wildcard SSL certificate for *.mydomain.com.
> There is a Tomcat server running in the background integrated with
> Apache through mod_jk. Till now, all the requests to www.mydomain.com
> were redirected to www.mydomain.com/mycontext/ . Similarly all
> requests to abc.mydomain.com were redirected to
> abc.mydomain.com/mycontext/ . 
> 
>  
> 
> Now we have a new requirement to have all requests to www.mydomain.com
> to be redirected to Tomcat A with the context root as mycontext and
> any other request, e.g. abc.mydomain.com or def.mydomain.com to be
> redirected to Tomcat B with mycontext as the context root. The Name
> based Virtual Hosting will not work probably because of the SSL
> traffic. I am also thinking of using different context roots for
> different URLs, to segregate the traffic. Any
> help/suggestions/pointers would be most welcome :)
> 
>  
> 
> Regards,
> 
> Sushant Gulati