httpd-users mailing list archives

From Axel-Stéphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"
Date Wed, 07 Dec 2005 08:30:35 GMT
The combination of name-based virtual hosting and SSL cannot possibly work. Normally, in such
a configuration the request will be handled by the first of the virtual hosts that match the
IP:port of the request regardless of the ServerName.

I believe that if you execute "apachectl configtest", or alternatively "$HTTPD -t -D DUMP_VHOSTS
-f /path/to/httpd.conf", you will get an overview of all the configured virtual hosts:

bash-2.03$  apachectl configtest
VirtualHost configuration:
192.168.1.10:443      sweetn.sour.com (/u01/apachetest/conf/custom.conf:82)
192.168.1.11:*        is a NameVirtualHost
         default server labelle16.toto.fr (/u01/apachetest/conf/custom.conf:20)
         port * namevhost labelle16.toto.fr (/u01/apachetest/conf/custom.conf:20)
Syntax OK
bash-2.03$ 

This might give you a clue as to what is happening and why you get the error. However, again,
SSL and name-based virtual hosting does not work because the Host header cannot possibly be
known to the server until the SSL session has been established, and the SSL session needs
a certificate to be established and for that purpose needs to know the value of the host header
in order to know what certificate to use. 

It's a catch 22...

-ascs


-----Original Message-----
From: Nick Burch [mailto:nick@torchbox.com] 
Sent: Tuesday, December 06, 2005 7:53 PM
To: users@httpd.apache.org
Subject: [users@httpd] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA
or DSA server certificate found?!"

Hi

I'm having trouble when trying to combine NameVirtualHosting on one SSL 
IP, and per-IP virtual hosting for others.

My ideal setup is:
    NameVirtualHost *:80 (lots of virtual hosts)
    NameVirtualHost 192.168.1.50:443 (2 virtual hosts, 1 wildcard
               certificate used for both virtual hosts)

    VirtualHost's on 192.168.1.51:443, 192.168.1.52:443

Under this configuration, when I try to start apache, it fails with
"[error] Oops, no RSA or DSA server certificate found?!". Even under 
Debug, it fails to tell me which certificate it hit this on.


If I run it with only one virtual host active on 192.168.1.50:443 (the SSL 
NameVirtualHost), everything works fine. I can access all 3 SSL sites.

If I disable the SSL virtual hosts on 192.168.1.51:443 and 
192.168.1.52:443, everything works fine. I can access both the SSL sites 
on 192.168.1.50, and the name virtual hosting behaves as expected.

As soon as I try with both name and non name SSL virtual hosts, apache 
fails to start with:
"[error] Oops, no RSA or DSA server certificate found?!"


Is this a known problem? Can anyone suggest any workarounds (other than 
not using name virtual hosting on that one IP)?

Thanks
Nick

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
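
An added example, not part of either message or of the Apache project's code: a small parser for the DUMP_VHOSTS listing shown in the reply. It reports every SSL address where several name-based virtual hosts share one IP:port and are therefore all answered with the default server's certificate. The sample listing, its host names and paths, and the `ssl_ports` default are constructed assumptions.

```python
import re

# Constructed sample in the DUMP_VHOSTS layout quoted in the reply; host names,
# paths and line numbers are invented for illustration.
SAMPLE = """\
VirtualHost configuration:
192.168.1.51:443       shop.example.com (/etc/httpd/conf/ssl.conf:40)
192.168.1.50:443       is a NameVirtualHost
         default server www.example.com (/etc/httpd/conf/ssl.conf:10)
         port 443 namevhost www.example.com (/etc/httpd/conf/ssl.conf:10)
         port 443 namevhost mail.example.com (/etc/httpd/conf/ssl.conf:25)
*:80                   is a NameVirtualHost
         default server site1.example.com (/etc/httpd/conf/httpd.conf:100)
         port 80 namevhost site1.example.com (/etc/httpd/conf/httpd.conf:100)
Syntax OK
"""

ADDR = re.compile(r"^(\S+:(?:\d+|\*))\s+(.*)$")
DEFAULT = re.compile(r"^\s+default server (\S+)")
NAMED = re.compile(r"^\s+port (\d+|\*) namevhost (\S+)")

def parse_vhosts(dump):
    """Map each NameVirtualHost address to its default server and named vhosts."""
    table, current = {}, None
    for line in dump.splitlines():
        if m := ADDR.match(line):
            # Only "is a NameVirtualHost" entries open a block of named vhosts.
            named = m.group(2).startswith("is a NameVirtualHost")
            current = table.setdefault(
                m.group(1), {"default": None, "names": []}) if named else None
        elif current is not None and (m := DEFAULT.match(line)):
            current["default"] = m.group(1)
        elif current is not None and (m := NAMED.match(line)):
            current["names"].append((m.group(1), m.group(2)))
    return table

def shadowed_ssl_vhosts(dump, ssl_ports=("443",)):
    """Return {address: (default, [names served with the default's certificate])}."""
    findings = {}
    for addr, entry in parse_vhosts(dump).items():
        others = [n for port, n in entry["names"]
                  if port in ssl_ports and n != entry["default"]]
        if others:
            findings[addr] = (entry["default"], others)
    return findings

if __name__ == "__main__":
    for addr, (default, others) in shadowed_ssl_vhosts(SAMPLE).items():
        print(f"{addr}: handshake uses {default}; same certificate for {', '.join(others)}")
```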

