httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philippe Veronneau <>
Subject Re: DNRE: [users@httpd] ServerName without the www
Date Tue, 26 Nov 2002 15:00:46 GMT
>I'm not sure what you mean by "associated with it" - that term is a bit
>vague. There are two things which have to match *exactly* for SSL to
>work without complaining. These are:
A whois made for ("") will get to us.

>1) The site has to have a unique fully-qualified domain name, like
> Note that  and are two different
>FQDNs - even if they resolve to the same IP and even if they are aliases
>of the same site.
That's the core of the problem.

>2) The certificate has a "common name" which is built in when the
>certificate is created. This is usually like
The certificate was created for "" and NOT ""

>For SSL to work properly, the site FQDN must exactly match the
>certificate Common Name. 
The domain name we paid for leads to "", there is no DNS 
server on the destination,
so basically, I wonder why "" even works when there's 
no DNS that knows what
to do with www. and the ServerName directive in the httpd.conf is set to

>A consequence of this is that it makes no sense to have a ServerAlias on
>an SSL site (SSL sites have to be distinguishable based entirely on
>TCP/IP attributes, i.e. IP address and port name. The Host header is not
>It is not clear what FQDNs you have registered in DNS (i.e. do you have
> registered?). In any case, I am assuming you want to have
>HTTP on and HTTPS on If so, this is
>port based virtual-hosting. You need:
The FQDN is, the SSL cert commonname is and 
it's apache-ssl
from the debian port collection only listening on port 443 (server name 
set as

>- -> your-IP-addr in DNS
>- -> your-IP-addr in DNS
>- SSL cert with CommonName = ""
>- plain HTTP VH, listening on port 80, ServerName = ""
>- HTTPS VH, listening on port 443, ServerName = ""
>Note that the HTTPS ServerName directive, while not used for VH
>recognition, is necessary to form redirect URLs.
That's what basically I've been toying a lot.  Trying different global 
ServerName values, trying a lot
of vhost setting.

What I need would be only this part
ServerName =


>Owen Boyle.
Thanks for taking time to help here, It's appreciated.

>>I configured an apache-ssl webserver that has a domain name 
>>"" associated with it.
>>When I try to access, my certificate whines 
>>about not behing meant for
>> but to instead.  I try to access 
>> but it
>>won't access it like I want it to do.  Because the certificate 
>>wants to 
>>see and not,
>>it is imperative that I get apache-ssl to work without the www. before 
>>the servername.
>>I tried to name the servername only and tried 
>>also to make 
>>a virtualhost of
>>without any success...
>>Can anyone give me hints on how I could get around this.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message