httpd-users mailing list archives

From Philippe Veronneau <pveronn...@bluexpertise.com>
Subject Re: DNRE: [users@httpd] ServerName without the www
Date Tue, 26 Nov 2002 15:00:46 GMT
>
>
>I'm not sure what you mean by "associated with it" - that term is a bit
>vague. There are two things which have to match *exactly* for SSL to
>work without complaining. These are:
>
A whois made for ("somewhere.com") will get to us.

>
>1) The site has to have a unique fully-qualified domain name, like
>www.acme.com. Note that www.acme.com  and acme.com are two different
>FQDNs - even if they resolve to the same IP and even if they are aliases
>of the same site.
>
That's the core of the problem.

>
>2) The certificate has a "common name" which is built in when the
>certificate is created. This is usually like www.acme.com.
>
The certificate was created for "somewhere.com" and NOT "www.somewhere.com"

>For SSL to work properly, the site FQDN must exactly match the
>certificate Common Name. 
>
The domain name we paid for leads to "somewhere.com", there is no DNS
server on the destination, so basically, I wonder why "www.somewhere.com"
even works when there's no DNS that knows what to do with www. and the
ServerName directive in the httpd.conf is set to somewhere.com.

>A consequence of this is that it makes no sense to have a ServerAlias on
>an SSL site (SSL sites have to be distinguishable based entirely on
>TCP/IP attributes, i.e. IP address and port name. The Host header is not
>used).
>
>It is not clear what FQDNs you have registered in DNS (i.e. do you have
>somewhere.com registered?). In any case, I am assuming you want to have
>HTTP on www.somewhere.com and HTTPS on somewhere.com. If so, this is
>port based virtual-hosting. You need:
>  
>
The FQDN is somewhere.com, the SSL cert commonname is somewhere.com and
it's apache-ssl from the Debian port collection only listening on port 443
(server name set as somewhere.com)

>- www.somewhere.com -> your-IP-addr in DNS
>- somewhere.com -> your-IP-addr in DNS
>- SSL cert with CommonName = "somewhere.com"
>- plain HTTP VH, listening on port 80, ServerName = "www.somewhere.com"
>- HTTPS VH, listening on port 443, ServerName = "somewhere.com"
>
>Note that the HTTPS ServerName directive, while not used for VH
>recognition, is necessary to form redirect URLs.
>  
>
That's basically what I've been toying with a lot.  Trying different global
ServerName values, trying a lot of vhost settings.

What I need would be only this part
ServerName =

NameVirtualHost=
<VirtualHost>
...
</VirtualHost>

>Rgds,
>
>Owen Boyle.
>  
>
Thanks for taking time to help here, it's appreciated.

>>Hi,
>>I configured an apache-ssl webserver that has a domain name
>>"somewhere.com" associated with it.
>>When I try to access https://www.somewhere.com, my certificate whines
>>about not being meant for www.somewhere.com but to somewhere.com
>>instead.  I try to access https://somewhere.com but it won't access it
>>like I want it to do.  Because the certificate wants to see
>>somewhere.com and not www.somewhere.com, it is imperative that I get
>>apache-ssl to work without the www. before the servername.
>>
>>I tried to name the servername only somewhere.com and tried also to
>>make a virtualhost of somewhere.com without any success...
>>
>>Can anyone give me hints on how I could get around this.
>>
>>Thanx.
>>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
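
The layout listed in Owen Boyle's quoted reply above (plain HTTP on www.somewhere.com, HTTPS on somewhere.com), written out as an added example that is not part of the original message. It uses mod_ssl directive names, which is an assumption (the apache-ssl package mentioned in the thread may name them differently); the IP address and file paths are constructed placeholders.

```apache
# Added example, not from the thread. 192.0.2.10 and all paths are
# constructed placeholders; directive names assume mod_ssl.

Listen 80
Listen 443

# Both names must resolve to this address in DNS:
#   www.somewhere.com -> 192.0.2.10
#   somewhere.com     -> 192.0.2.10

# Plain HTTP virtual host on port 80.
<VirtualHost 192.0.2.10:80>
    ServerName www.somewhere.com
    DocumentRoot /var/www/somewhere
</VirtualHost>

# HTTPS virtual host on port 443. It is selected by IP address and port
# only, so no NameVirtualHost or ServerAlias is involved here.
<VirtualHost 192.0.2.10:443>
    # Must equal the certificate's Common Name exactly; also used by the
    # server to build self-referential redirect URLs.
    ServerName somewhere.com
    DocumentRoot /var/www/somewhere-ssl

    SSLEngine on
    # Certificate issued with CommonName = somewhere.com
    SSLCertificateFile    /etc/ssl/certs/somewhere.com.crt
    SSLCertificateKeyFile /etc/ssl/private/somewhere.com.key
</VirtualHost>
```

Because the port 443 host is selected by IP address and port, https://www.somewhere.com reaches the same virtual host and is served the somewhere.com certificate, so the browser's name check still fails for that URL.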

