Windows WebDav SNI

Alastair Grant | Sunday 9 June 2013

You can run multiple web-sites on one host using virtual hosting. When your client (e.g. a browser) contacts the web-site, it sends the host name (e.g. www.aligrant.com) as part of the request, so the server can tell which site you want rather than one of the others hosted on the same server.

When it comes to secure web-sites that use SSL/TLS, the request for the web-site is only sent after the secure connection has been made. The snag is that the name of the web-site must match the certificate presented for the SSL connection, but as the name of the site hasn't been sent yet, the server cannot pick the matching certificate.

Of course, this has been thought about and there is a standard to resolve it (RFC 4366, Server Name Indication). This works in a similar way to the above: the name of the site you want to connect to is sent as part of the secure connection setup. Problem solved. Pretty much every browser and client I've tried seems to support this.

Apart, of course, from the Windows WebDav client. The WebDav client for Windows is pretty poor, and this is yet another thing it doesn't support. You won't get any useful or consistent error in return either. In order to support Windows, you need to make sure your WebDav host is the default host, i.e. if just the IP address of the server is used and no host name is sent, the certificate for your WebDav server is returned and not that of another virtual host.
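As an added example (not from the original post), the following Python script checks whether a server's default host does what Windows needs: it performs one TLS handshake with the WebDav host name in the SNI extension and one with no SNI at all, then reports which names the returned certificate covers in each case. The server address, port and WebDav host name are whatever you supply; the name-matching helpers can be exercised offline against constructed getpeercert()-style dicts.

```python
import socket
import ssl


def cert_names(cert: dict) -> list:
    """DNS names a getpeercert()-style dict claims: SAN dNSName entries, then the subject CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        names.extend(value for key, value in rdn if key == "commonName")
    return names


def name_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a single leading wildcard label covering exactly one label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        labels = hostname.split(".")
        return labels[0] != "" and labels[1:] == pattern.split(".")[1:]
    return False


def cert_covers(cert: dict, hostname: str) -> bool:
    """True when any name on the certificate covers the host we intend to reach."""
    return any(name_matches(name, hostname) for name in cert_names(cert))


def fetch_cert(ip: str, port: int, sni=None) -> dict:
    """Handshake once and return the leaf certificate the server chose.
    sni=None omits the server_name extension, as the Windows WebDav client does.
    The chain is still verified (getpeercert() returns {} for unverified peers);
    only the hostname check is off, since a name mismatch is what we want to see.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((ip, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()


def check_default_host(ip: str, port: int, webdav_name: str) -> dict:
    """Report the names served with and without SNI and whether a Windows client would get the right one."""
    without_sni = fetch_cert(ip, port, None)
    return {
        "with_sni": cert_names(fetch_cert(ip, port, webdav_name)),
        "without_sni": cert_names(without_sni),
        "windows_ok": cert_covers(without_sni, webdav_name),
    }
```

A `windows_ok` of False with a populated `with_sni` list is the signature of the problem described above: the site works for SNI-capable clients but the default host hands the Windows client some other virtual host's certificate.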

