A co-worker had a problem with using SetEnv and SetEnvIf in his Apache configuration, where the SetEnvIf didn’t seem to be working. What he was running into was the fact that those two commands are implemented in separate Apache modules which happen to run in different request phases.
This follow-up to my post about SSL and IP addresses covers using SSL with multiple ports on the same IP address. We often use alternate port numbers to provide test versions of a host or application, since just changing the port number keeps the ServerName the same.
UW Technology offers URL Forwarding and Masking services, but there are often questions about what they are and how they differ, as well as how they’re implemented.
A question came up at the last Web Council Meeting about protecting a directory with Pubcookie. The page loaded, but CSS, JavaScript, and images didn’t. This can almost always be fixed by using PubcookieAppID in your .htaccess file.
There are times when it’s useful to be able to check an SSL cert’s subject or expiration date. In addition, it’s useful to both check the cert file and query a service. This is useful for more than just web servers; SMTP, IMAP, and LDAP are other services which use SSL certificates. There are several ways to check certs, and what I cover in this post is by no means exhaustive.
In a previous post I covered how to use DNS tools to find what host receives email, and in this one I’ll cover the recipient part of an email address, which is to the left of the @. Exact details on how to control what happens for a particular address depend on the ISP, so I’ll only be covering the topic in general terms.
A few weeks ago I wrote about each SSL certificate used on a web server needing to have its own IP address. I ran across a reference to RFC 2817, Upgrading to TLS Within HTTP/1.1. It describes a method to upgrade a connection to TLS (Transport Layer Security, the successor to SSL; I’ll use the terms interchangeably). It’s somewhat complex, and does indeed expand the request/response model along the same lines as basic authentication while taking advantage of HTTP/1.1 persistent connections.
Of course, just because something is described in an RFC doesn’t mean it’s being used. Apache has TLS Upgrade support as of 2.2, but at this time none of the browsers (at least the major ones) support the protocol. Even though it’s not really in use, it’s an interesting exercise to look at how it’s defined and think about implications of its use.
DNS and email addresses often just work and we don’t have to think much about them. However, if you’re trying to set them up or debug a problem, it helps to understand how to figure out how the mail is initially routed.
It’s been a couple months since we switched to Exchange and I wanted to give an update on how things were going, most particularly oddities I’ve seen. In a nutshell, I’m just running across a cosmetic thing or two with email, but am still stumbling over scheduling calendar events and have some syncing issues.
I’m often asked questions about using certificates with SSL-enabled web servers, mostly centered around hosting multiple sites on the same server. Many times my reply starts out as a series of questions to find out what the person is trying to do, who will be using the various servers, and how much the person is willing to spend.
The simplest answer is that each IP address can be associated with only one SSL certificate. There are, however, subtleties depending on the kind of certificate and the intended audience. Before I give an overview of how browsers, web servers, and SSL certificates interact, let me first define how I use various terms, and give a few examples of how we have various servers set up and what the ramifications are.
Update 25-Nov-2008: I’ve written a follow-up post about using TLS Upgrading which would allow multiple SSL certificates on one IP address, but browsers do not support it.
Update 3-Mar-2009: Another follow-up post about using multiple port numbers.