Mailing List Archive: Cherokee: users

some questions about cherokee

Index | Next | Previous | View Threaded

mve at pcintelligence

Oct 17, 2009, 7:15 AM

Post #1 of 18 (1083 views)
Permalink

some questions about cherokee

Hi,

I got some questions about cherokee and setting up stuff.

How do I achieve the following:

- virtual host webmail.pcintelligence.nl, forward all http requests to
https and redirect the default / to /groupoffice/ ?

- a virtual host: www.pcintelligence.nl / = wordpress (can I use the
documentation on the cherokee-project.org website?)

- use /torrent as an alias outside the webroot and let it use html and php ?

- can I run 3 SSL websites with both unique ip-adresses?

Kind regards,

Michiel

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Oct 17, 2009, 7:33 AM

Post #2 of 18 (1048 views)
Permalink

Re: some questions about cherokee [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es schreef:
> - virtual host webmail.pcintelligence.nl, forward all http requests to
> https and redirect the default / to /groupoffice/ ?

Use the rule method to use the bind adress. That rule does an external
redirect to https.

The default would be a full url match to / with a redirect to
groupoffice (be efficient and make the http->https redirect already do
this.)

> - a virtual host: www.pcintelligence.nl / = wordpress (can I use the
> documentation on the cherokee-project.org website?)

Use the wizzard :)

> - use /torrent as an alias outside the webroot and let it use html and php ?

I think the trick for this one is having the php extension rule in the
right place; since you already have wordpress, just make sure /torrent
is a list&send.

> - can I run 3 SSL websites with both unique ip-adresses?

Using 3 different cherokee instances.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkrZ1dQACgkQYH1+F2Rqwn3GYwCeMTwKoe20EcJJ7dlJK3GUo2q5
RPYAn2uAF7mOVQlxP1+BL4HYCUC3FEq2
=u6mO
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 17, 2009, 7:40 AM

Post #3 of 18 (1046 views)
Permalink

Re: some questions about cherokee [In reply to]

Stefan de Konink wrote:
> Michiel van Es schreef:
>> - virtual host webmail.pcintelligence.nl, forward all http requests to
>> https and redirect the default / to /groupoffice/ ?
>
> Use the rule method to use the bind adress. That rule does an external
> redirect to https.
>
> The default would be a full url match to / with a redirect to
> groupoffice (be efficient and make the http->https redirect already do
> this.)

Yes, I think a redirect rule would be the best and that it redirects
directly to /groupoffice

>
>> - a virtual host: www.pcintelligence.nl / = wordpress (can I use the
>> documentation on the cherokee-project.org website?)
>
> Use the wizzard :)

ok :)

>
>> - use /torrent as an alias outside the webroot and let it use html and php ?
>
> I think the trick for this one is having the php extension rule in the
> right place; since you already have wordpress, just make sure /torrent
> is a list&send.
>
>> - can I run 3 SSL websites with both unique ip-adresses?
>
> Using 3 different cherokee instances.

I also see you can choose to run every virtual server (host match) with
an ip-adress, and then fill in the certificate for every virtual host?
Do I really have to run 3 cherokee servers with own their resources
being used?

>
>
> Stefan
Michiel
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Oct 17, 2009, 7:48 AM

Post #4 of 18 (1056 views)
Permalink

Re: some questions about cherokee [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es schreef:
> I also see you can choose to run every virtual server (host match) with
> an ip-adress, and then fill in the certificate for every virtual host?
> Do I really have to run 3 cherokee servers with own their resources
> being used?

Yes, because at the time a request arrives there. The certificate
exchange already has taken place. So that means the client needs SNI. A
client not having SNI is the only reason why you want to IP space.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkrZ2SsACgkQYH1+F2Rqwn3raACgkDu1EhFnUt5OFxY/dse/SwJJ
CmAAn1VUc+6GOL5o90fo0woFtGvpFf8B
=h5tK
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 17, 2009, 1:37 PM

Post #5 of 18 (1045 views)
Permalink

Re: some questions about cherokee [In reply to]

Stefan de Konink wrote:
> Michiel van Es schreef:
>> I also see you can choose to run every virtual server (host match) with
>> an ip-adress, and then fill in the certificate for every virtual host?
>> Do I really have to run 3 cherokee servers with own their resources
>> being used?
>
> Yes, because at the time a request arrives there. The certificate
> exchange already has taken place. So that means the client needs SNI. A
> client not having SNI is the only reason why you want to IP space.
>

Just out of curiousity:
If I get it right, SSL virtual hosting in Cherokee is only available if:

- You use a really recent OpenSSL version (self compiled or the latest
or use Fedora/FreeBSD - most known Linux distro's won't have the OpenSSL
with SNI build in).

- Your clients have to use at least Vista or a recent Firefox (most big
organizations still use Windows 2000/XP and IE 7 but not the Vista IE 7
of even Windows 7)

I heard a couple of months a go that it would be perhaps possible to
implement the 'old' version of virtual hosts with unique ip-adresses and
use their own SSL certs/keys. Or at least cherokee project was thinking
about offering the old SSL virtual hosting.
Is this still going to be implemented or is cherokee the only webserver
forcing users to use SNI or run multiple cherokee instances (what is
waste of resources) ?

If I get it wrong, then please correct me but to my knowledge million
users are using one of the big famous Linux distro's and are not being
able to fully use cherokee with the default OpenSSL and settings they
installed from the system ? (let's not forget about the millions of
people working at banks or financial companies not being able to use
windows vista or firefox 2/3.* because their company policy are not
allowing them to use something different then Windows 2000/XP and IE 6/7.

Just my 0,02 $ regarding SSL and virtual hosting and the latest OpenSSL
techniques ;)

I just want to run old style SSL with uniq ip-adresses, is it going
possible with cherokee version * and the default OpenSSL version
provided by the package management and running 1 cherokee version or am
I force to use 3 cherokee's or upgrade my OpenSSL version manually with
source tarballs?

Kind Regards,

Michiel

>
> Stefan
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Oct 17, 2009, 4:06 PM

Post #6 of 18 (1044 views)
Permalink

Re: some questions about cherokee [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es schreef:
> Just out of curiousity:
> If I get it right, SSL virtual hosting in Cherokee is only available if:
>
> - You use a really recent OpenSSL version (self compiled or the latest
> or use Fedora/FreeBSD - most known Linux distro's won't have the OpenSSL
> with SNI build in).

Since SNI is there for many years the above staments is /really/ invalid.

> - Your clients have to use at least Vista or a recent Firefox (most big
> organizations still use Windows 2000/XP and IE 7 but not the Vista IE 7
> of even Windows 7)

It has to be > IE6; the rest all supports it. And even if you use IE6
you will only get the nag screen, everything still works as expected.

> I heard a couple of months a go that it would be perhaps possible to
> implement the 'old' version of virtual hosts with unique ip-adresses and
> use their own SSL certs/keys. Or at least cherokee project was thinking
> about offering the old SSL virtual hosting.
> Is this still going to be implemented or is cherokee the only webserver
> forcing users to use SNI or run multiple cherokee instances (what is
> waste of resources) ?

I guess such things are always possible, and might get a speedup if
organisations that require this behavior get support contracts ;)

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkraThAACgkQYH1+F2Rqwn3mvACcCDqt0PEVC1pNtKaatW0zOoMb
a9gAn0zUdUzO9Re7vdC/4xIK8oLl4Be2
=Xe0o
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 18, 2009, 3:14 AM

Post #7 of 18 (1036 views)
Permalink

Re: some questions about cherokee [In reply to]

On Oct 18, 2009, at 1:06 AM, Stefan de Konink wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Michiel van Es schreef:
>> Just out of curiousity:
>> If I get it right, SSL virtual hosting in Cherokee is only
>> available if:
>>
>> - You use a really recent OpenSSL version (self compiled or the
>> latest
>> or use Fedora/FreeBSD - most known Linux distro's won't have the
>> OpenSSL
>> with SNI build in).
>
> Since SNI is there for many years the above staments is /really/
> invalid.

Yes but not many distro's use it yet.
I think Ubuntu Jaunty (the one I use use it:
root [at] pcintelw0:~# openssl version
OpenSSL 0.9.8g 19 Oct 2007

https://launchpad.net/ubuntu/jaunty/+source/openssl/+changelog (search
for tlsext)

right?

>
>> - Your clients have to use at least Vista or a recent Firefox (most
>> big
>> organizations still use Windows 2000/XP and IE 7 but not the Vista
>> IE 7
>> of even Windows 7)
>
> It has to be > IE6; the rest all supports it. And even if you use IE6
> you will only get the nag screen, everything still works as expected.

customers hate nag screens ;)

>
>> I heard a couple of months a go that it would be perhaps possible to
>> implement the 'old' version of virtual hosts with unique ip-
>> adresses and
>> use their own SSL certs/keys. Or at least cherokee project was
>> thinking
>> about offering the old SSL virtual hosting.
>> Is this still going to be implemented or is cherokee the only
>> webserver
>> forcing users to use SNI or run multiple cherokee instances (what is
>> waste of resources) ?
>
> I guess such things are always possible, and might get a speedup if
> organisations that require this behavior get support contracts ;)

That's gonna be a big one..but we'll see:)

Another question if I get openssl with tlsext enabled:

1) how do I cehck it with the openssl command that I really have it?
2) how do I set up ssl virtual hosting?

Michiel

>
>
>
> Stefan
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEAREKAAYFAkraThAACgkQYH1+F2Rqwn3mvACcCDqt0PEVC1pNtKaatW0zOoMb
> a9gAn0zUdUzO9Re7vdC/4xIK8oLl4Be2
> =Xe0o
> -----END PGP SIGNATURE-----

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 18, 2009, 3:53 AM

Post #8 of 18 (1037 views)
Permalink

Re: some questions about cherokee [In reply to]

On Oct 18, 2009, at 12:14 PM, Michiel Van Es wrote:

>
> On Oct 18, 2009, at 1:06 AM, Stefan de Konink wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> Michiel van Es schreef:
>>> Just out of curiousity:
>>> If I get it right, SSL virtual hosting in Cherokee is only
>>> available if:
>>>
>>> - You use a really recent OpenSSL version (self compiled or the
>>> latest
>>> or use Fedora/FreeBSD - most known Linux distro's won't have the
>>> OpenSSL
>>> with SNI build in).
>>
>> Since SNI is there for many years the above staments is /really/
>> invalid.
>
> Yes but not many distro's use it yet.
> I think Ubuntu Jaunty (the one I use use it:
> root [at] pcintelw0:~# openssl version
> OpenSSL 0.9.8g 19 Oct 2007
>
> https://launchpad.net/ubuntu/jaunty/+source/openssl/+changelog
> (search for tlsext)
>
> right?
>
>>
>>> - Your clients have to use at least Vista or a recent Firefox
>>> (most big
>>> organizations still use Windows 2000/XP and IE 7 but not the Vista
>>> IE 7
>>> of even Windows 7)
>>
>> It has to be > IE6; the rest all supports it. And even if you use IE6
>> you will only get the nag screen, everything still works as expected.
>
> customers hate nag screens ;)
>
>>
>>> I heard a couple of months a go that it would be perhaps possible to
>>> implement the 'old' version of virtual hosts with unique ip-
>>> adresses and
>>> use their own SSL certs/keys. Or at least cherokee project was
>>> thinking
>>> about offering the old SSL virtual hosting.
>>> Is this still going to be implemented or is cherokee the only
>>> webserver
>>> forcing users to use SNI or run multiple cherokee instances (what is
>>> waste of resources) ?
>>
>> I guess such things are always possible, and might get a speedup if
>> organisations that require this behavior get support contracts ;)
>
> That's gonna be a big one..but we'll see:)
>
> Another question if I get openssl with tlsext enabled:
>
> 1) how do I cehck it with the openssl command that I really have it?
> 2) how do I set up ssl virtual hosting?

I thin I found it:
http://www.cherokee-project.com/doc/config_virtual_servers.html

But it states:

If you have several virtual servers, the Security section must be
configured for every one of them. At the moment you cannot have some
with HTTPS and some without. This makes sense, since by enabling the
feature in any one of them you are opening the HTTPS port in your
host, and receiving HTTPS requests for a virtual server that does not
provide the service would not be handled in a coherente manner. None
of the alternatives is very elegant in design: falling back to HTTP,
issuing an error that is likely to restart the HTTPS handshake, etc.
This behavior, however, might change in the future depending on the
popularity of any proposed mechanisms.

Does that mean I have to enable on every virtual host ssl? supplying
them with a certificate? (so if I have to buy a verisign certificate
for every virtual host?)
What about bulk hosting who want to supply mixed hosts (http and https
virtual hosts) ?

>
> Michiel
>
>
>>
>>
>>
>> Stefan
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.11 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iEYEAREKAAYFAkraThAACgkQYH1+F2Rqwn3mvACcCDqt0PEVC1pNtKaatW0zOoMb
>> a9gAn0zUdUzO9Re7vdC/4xIK8oLl4Be2
>> =Xe0o
>> -----END PGP SIGNATURE-----
>

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Oct 18, 2009, 5:14 AM

Post #9 of 18 (1039 views)
Permalink

Re: some questions about cherokee [In reply to]

> Does that mean I have to enable on every virtual host ssl?
> supplying them with a certificate? (so if I have to buy a verisign
> certificate for every virtual host?)

They would have only the default cert, thus give a nag screen that the
domainname doesnt match.

> What about bulk hosting who want to supply mixed hosts (http and
> https virtual hosts) ?

The port will be always open, and only after key/exchange you can say
anything about the domainname.

Stefan

>
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 18, 2009, 10:10 AM

Post #10 of 18 (1041 views)
Permalink

Re: some questions about cherokee [In reply to]

On Oct 18, 2009, at 2:14 PM, Stefan de Konink wrote:

>
>> Does that mean I have to enable on every virtual host ssl?
>> supplying them with a certificate? (so if I have to buy a verisign
>> certificate for every virtual host?)
>
> They would have only the default cert, thus give a nag screen that
> the domainname doesnt match.

If I get it correctly: one certificate for all websites?
How does it work if I get an ssl website for webmail.pcintelligence.nl
and www.pcintelligence.nl and calendar.pcintelligence.nl ?
How do the browser and the server will connect correctly without the
nagging?

>
>> What about bulk hosting who want to supply mixed hosts (http and
>> https virtual hosts) ?
>
> The port will be always open, and only after key/exchange you can
> say anything about the domainname.
>
>
Michiel

> Stefan
>
>
>>

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Oct 18, 2009, 10:13 AM

Post #11 of 18 (1034 views)
Permalink

Re: some questions about cherokee [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel Van Es schreef:
> If I get it correctly: one certificate for all websites?
> How does it work if I get an ssl website for webmail.pcintelligence.nl
> and www.pcintelligence.nl and calendar.pcintelligence.nl ?
> How do the browser and the server will connect correctly without the
> nagging?

That is what SNI figures out for you ;)

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkrbTMAACgkQYH1+F2Rqwn3VpACfe4ZDEecOqu4ZaKKjknIGqGqP
DGwAn0bwaimarq41ooE9E6qSVnaQu9JU
=HAHJ
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 18, 2009, 10:15 AM

Post #12 of 18 (1034 views)
Permalink

Re: some questions about cherokee [In reply to]

On Oct 18, 2009, at 7:13 PM, Stefan de Konink wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Michiel Van Es schreef:
>> If I get it correctly: one certificate for all websites?
>> How does it work if I get an ssl website for
>> webmail.pcintelligence.nl
>> and www.pcintelligence.nl and calendar.pcintelligence.nl ?
>> How do the browser and the server will connect correctly without the
>> nagging?
>
> That is what SNI figures out for you ;)

So if I get it correct: one certificate for all your ssl enabled
websites?
Only 1 ip and you need openssl with SNI and the browsers who support
it right?
Thus saving on the costs for ip-adresses and certificates?

Michiel

>
>
> Stefan
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEAREKAAYFAkrbTMAACgkQYH1+F2Rqwn3VpACfe4ZDEecOqu4ZaKKjknIGqGqP
> DGwAn0bwaimarq41ooE9E6qSVnaQu9JU
> =HAHJ
> -----END PGP SIGNATURE-----

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Oct 18, 2009, 10:16 AM

Post #13 of 18 (1046 views)
Permalink

Re: some questions about cherokee [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel Van Es schreef:
>> So if I get it correct: one certificate for all your ssl enabled
>> websites?

You have one default certificate for your 'default' website. That one is
used in first contact.

>> Only 1 ip and you need openssl with SNI and the browsers
>> who support it right? Thus saving on the costs for ip-adresses and
>> certificates?

Not the certificates. You would still require a valid certificate for
each domain.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkrbTYEACgkQYH1+F2Rqwn0+xACeKjYBm3G9CFw66+n6TY+i8OWl
dyoAn2jAIZr7vaySaxPtkS+KygE6rrmQ
=CQMy
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 18, 2009, 10:21 AM

Post #14 of 18 (1044 views)
Permalink

Re: some questions about cherokee [In reply to]

On Oct 18, 2009, at 7:16 PM, Stefan de Konink wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Michiel Van Es schreef:
>>> So if I get it correct: one certificate for all your ssl enabled
>>> websites?
>
> You have one default certificate for your 'default' website. That
> one is
> used in first contact.

Does the browser care when it connects with SNI what the certificate
states?
For example how would I setup my default website when I want to use
SNI with webmail,www and calendar.pcintelligence.nl ?
What do I provide on every irtual host? Their own certificate and on
the other virtual hosts without SSL the default website certificate?

>
>>> Only 1 ip and you need openssl with SNI and the browsers
>>> who support it right? Thus saving on the costs for ip-adresses and
>>> certificates?
>
> Not the certificates. You would still require a valid certificate for
> each domain.
>
>
Michiel

> Stefan
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEAREKAAYFAkrbTYEACgkQYH1+F2Rqwn0+xACeKjYBm3G9CFw66+n6TY+i8OWl
> dyoAn2jAIZr7vaySaxPtkS+KygE6rrmQ
> =CQMy
> -----END PGP SIGNATURE-----

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Oct 18, 2009, 10:23 AM

Post #15 of 18 (1042 views)
Permalink

Re: some questions about cherokee [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel Van Es schreef:
>> Does the browser care when it connects with SNI what the certificate
>> states?
>> For example how would I setup my default website when I want to use SNI
>> with webmail,www and calendar.pcintelligence.nl ?
>> What do I provide on every irtual host? Their own certificate and on the
>> other virtual hosts without SSL the default website certificate?

... I refer you to our perfect documentation ;)

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkrbTwAACgkQYH1+F2Rqwn3+swCghuEHWlh3S+mdAIEdHoPPLx7w
v9QAn1fkZOqqor2Km+jGLq7hAjX/5xD6
=Pp3U
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 18, 2009, 10:40 AM

Post #16 of 18 (1038 views)
Permalink

Re: some questions about cherokee [In reply to]

On Oct 18, 2009, at 7:23 PM, Stefan de Konink wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Michiel Van Es schreef:
>>> Does the browser care when it connects with SNI what the certificate
>>> states?
>>> For example how would I setup my default website when I want to
>>> use SNI
>>> with webmail,www and calendar.pcintelligence.nl ?
>>> What do I provide on every irtual host? Their own certificate and
>>> on the
>>> other virtual hosts without SSL the default website certificate?
>
> ... I refer you to our perfect documentation ;)

Allright, is there a way to test on the command line if SNI is enabled
or not?

Michiel
>
>
> Stefan
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEAREKAAYFAkrbTwAACgkQYH1+F2Rqwn3+swCghuEHWlh3S+mdAIEdHoPPLx7w
> v9QAn1fkZOqqor2Km+jGLq7hAjX/5xD6
> =Pp3U
> -----END PGP SIGNATURE-----

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 19, 2009, 3:06 AM

Post #17 of 18 (1028 views)
Permalink

Re: some questions about cherokee [In reply to]

-------- Original Message --------
Subject: Re: [Cherokee] some questions about cherokee
From: Michiel Van Es <mve [at] pcintelligence>
To: Stefan de Konink <stefan [at] konink>
Date: 10/18/2009 07:40 PM

> On Oct 18, 2009, at 7:23 PM, Stefan de Konink wrote:
>
> Michiel Van Es schreef:
>>>>> Does the browser care when it connects with SNI what the certificate
>>>>> states?
>>>>> For example how would I setup my default website when I want to
>>>>> use SNI
>>>>> with webmail,www and calendar.pcintelligence.nl ?
>>>>> What do I provide on every irtual host? Their own certificate and
>>>>> on the
>>>>> other virtual hosts without SSL the default website certificate?
> ... I refer you to our perfect documentation ;)
>
>> Allright, is there a way to test on the command line if SNI is enabled
>> or not?

The problem is that cherokee and firefox 3 are still connecting to my
default cert (www.pcintelligence.nl) and are not correctly connecting to
the virtual host if I press :Agree and OK.
Therfor I want to check if tlsext is enabled in my openssl version.. ;)

Michiel

>
>> Michiel
>
> Stefan

> _______________________________________________
> Cherokee mailing list
> Cherokee [at] lists
> http://lists.octality.com/listinfo/cherokee
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

mve at pcintelligence

Oct 23, 2009, 1:26 AM

Post #18 of 18 (1006 views)
Permalink

Re: some questions about cherokee [In reply to]

help?! :)
I really want to use SNI with Cherokee but I don't know how to check if
my openssl is ready, I think so but when I test it, it still doesn't
connecto to the right virtual host.

Kind regards,

Michiel
-------- Original Message --------
Subject: Re: [Cherokee] some questions about cherokee
From: Michiel van Es <mve [at] pcintelligence>
To: Stefan de Konink <stefan [at] konink>
Date: 10/19/2009 12:06 PM

>
> -------- Original Message --------
> Subject: Re: [Cherokee] some questions about cherokee
> From: Michiel Van Es <mve [at] pcintelligence>
> To: Stefan de Konink <stefan [at] konink>
> Date: 10/18/2009 07:40 PM
>
>> On Oct 18, 2009, at 7:23 PM, Stefan de Konink wrote:
>>
>> Michiel Van Es schreef:
>>>>>> Does the browser care when it connects with SNI what the certificate
>>>>>> states?
>>>>>> For example how would I setup my default website when I want to
>>>>>> use SNI
>>>>>> with webmail,www and calendar.pcintelligence.nl ?
>>>>>> What do I provide on every irtual host? Their own certificate and
>>>>>> on the
>>>>>> other virtual hosts without SSL the default website certificate?
>> ... I refer you to our perfect documentation ;)
>>
>>> Allright, is there a way to test on the command line if SNI is enabled
>>> or not?
>
> The problem is that cherokee and firefox 3 are still connecting to my
> default cert (www.pcintelligence.nl) and are not correctly connecting to
> the virtual host if I press :Agree and OK.
> Therfor I want to check if tlsext is enabled in my openssl version.. ;)
>
> Michiel
>
>>> Michiel
>> Stefan
>
>> _______________________________________________
>> Cherokee mailing list
>> Cherokee [at] lists
>> http://lists.octality.com/listinfo/cherokee
> _______________________________________________
> Cherokee mailing list
> Cherokee [at] lists
> http://lists.octality.com/listinfo/cherokee
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads