httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Tonhofer, m-plify S.A." <d.tonho...@m-plify.com>
Subject Virtual Hosts and SSL ... may be a trivial question
Date Mon, 24 Jun 2002 21:27:34 GMT
Good day people - I have now finished installed 2.0.39 without too big
a hitch...but there is still something which bothers me. Here goes:

So I have Apache 2.0.39 on a machine that sits between our LAN
and the Internet. We connect to the Internet using DSL, so the machine's
outside IP address may change. But we have a dynamic DNS entry through
dyndns.org.



                             +-----------+
      Internet---------------| mymachine |--------------------LAN
                             +-----------+

  https://mymachine.dyndns.org/                      https://mymachine/


I'm trying to set up name-based virtual hosts in order to deliver different
SSL certificates depending on whether a user connects from outside or from 
the
inside. This is necessary because otherwise the browser can't match the
URL to the name found in the certificate and will complain.

User connecting from outside get the certificate for 'mymachine.dyndns.org',
as they access https://mymachine.dyndns.org.

User connecting from inside get the certificate for 'mymachine' instead, as 
they
access https://mymachine.

Trial and error brought me to this setup (abstracted), which works. Note 
that
the machine has address 192.168.1.8 on the LAN side:

NameVirtualHost *:443

<VirtualHost 192.168.1.8:443>
  ServerName myserver:443
  SSLCertificateFile    myserver.pem
  SSLCertificateKeyFile myserver.key
</VirtualHost>

<VirtualHost *:443>
  ServerName myserver.dyndns.org:443
  SSLCertificateFile    myserver.dyndns.org.pem
  SSLCertificateKeyFile myserver.dyndns.org.key
</VirtualHost>



AND NOW...FOR THE QUESTION:



An earlier setup, given below did **NOT** work -- and I don't see why not.
In that case, connections to both 'myserver' and 'myserver.dyndns.org' 
resulted
in the presentation of the 'myserver.pem' certificate. But this should not
be - after all it's the ServerName directive that should make the
first entry NOT match a request for myserver.dyndns.org

NameVirtualHost *:443

<VirtualHost *:443>
  ServerName myserver:443
  SSLCertificateFile    myserver.pem
  SSLCertificateKeyFile myserver.key
</VirtualHost>

<VirtualHost *:443>
  ServerName myserver.dyndns.org:443
  SSLCertificateFile    myserver.dyndns.org.pem
  SSLCertificateKeyFile myserver.dyndns.org.key
</VirtualHost>




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message