httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chad Morland" <chad.morl...@inquent.com>
Subject Re: Apache SSL question
Date Tue, 25 Jun 2002 15:34:31 GMT
RE: Apache SSL questionThat will not work... SSL will not work on namebased virtual hosts.
They must be IP based. 

The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an
SSL connection (HTTPS) is established
Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl
has to consult the configuration of the virtual server (for instance it has to look for the
cipher suite, the server certificate,). But in order to dispatch to the correct virtual server
Apache has to know the Host HTTP header field. For this the HTTP request header has to be
read. This cannot be done before the SSL
handshake is finished. But the information is already needed at the SSL handshake phase.


-CM
  ----- Original Message ----- 
  From: Dampf, Thorsten 
  To: 'users@httpd.apache.org' 
  Sent: Tuesday, June 25, 2002 9:39 AM
  Subject: RE: Apache SSL question


  Hi Alexander, 

  > I've meet a strange problem while setting up SSL on virtual hosts, 
  > sharing the same IP address. 
  > 
  > My configuration: 
  > ................................................................. 
  > Listen 80 
  > Listen 443 
  > NameVirtualHost 11.22.33.44:80 
  > NameVirtualHost 11.22.33.44:443 
  > 
  > <VirtualHost host1.mysite.com:443> 
  >              .......................... 
  >              SSLEngine on 
  >              ServerName host1.mysite.com 
  >              .......................... 
  > </VirtualHost> 
  > 
  > <VirtualHost host2.mysite.com:443> 
  >              .......................... 
  >              SSLEngine on 
  >              ServerName host2.mysite.com 
  >              .......................... 
  > </VirtualHost> 
  > ................................................................. 
  > 
  > Hosts host1.mysite.com and host2.mysite.com sharing same IP, say 
  > 11.22.33.44. 
  > 
  > While server starting SSL engine log file appended with warnings: 
  > 
  > ................................................................. 
  > [warn]  Init: SSL server IP/port conflict: admin.rack.ru:443 \ 
  >   (/usr/local/apache/conf/vhost.conf:21) vs. webmin.rack.ru:443 \ 
  >   (/usr/local/apache/conf/vhost.conf:50) 
  > [warn]  Init: You should not use name-based virtual hosts in \ 
  >   conjunction with SSL!! 
  > ................................................................. 
  > 
  > Is where any way to configure SSL for two virtual hosts on the same IP 
  > address? 
  > 



  Try this: 




  <VirtualHost 11.22.33.44>                               #IP-Adress without Port 
                .......................... 
                SSLEngine on 
                ServerName host1.mysite.com 
                .......................... 
  </VirtualHost> 
    
  <VirtualHost 11.22.33.44>                               #IP-Adress without Port 
                .......................... 
                SSLEngine on 
                ServerName host2.mysite.com 
                .......................... 
  </VirtualHost> 



  This should work! 

  Greetings 
  Thorsten 

  Thorsten Dampf 
  System Integration and Administration 

  paybox.net AG  :-)))            
  Am Prime Parc 6                 
  D  65479 Raunheim/Frankfurt  Germany 

  fon     +49.6142.407-1572 
  fax     +49.6142.407-1111 
  mobile  +49.172.949 85 26 

  mailto:thorsten.dampf@paybox.net         
  _____________________________________________________ 

  Mobile Payment Delivery Made Simple 
  PIA paybox Intelligent Architecture: http://www.paybox.net 
  _____________________________________________________ 


Mime
View raw message