Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 47993 invoked from network); 7 Dec 2005 08:31:13 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 7 Dec 2005 08:31:13 -0000 Received: (qmail 30599 invoked by uid 500); 7 Dec 2005 08:31:01 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 30564 invoked by uid 500); 7 Dec 2005 08:31:00 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 30553 invoked by uid 99); 7 Dec 2005 08:31:00 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Dec 2005 00:31:00 -0800 X-ASF-Spam-Status: No, hits=0.8 required=10.0 tests=DNS_FROM_RFC_ABUSE,PLING_QUERY X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [193.56.241.17] (HELO orsa.atos-infogerance.fr) (193.56.241.17) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Dec 2005 00:30:59 -0800 Received: from minotaure.atos-infogerance.fr ([193.56.47.17]) by orsa.atos-infogerance.fr (8.12.8/8.12.8) with ESMTP id jB78UcUb031052 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 7 Dec 2005 09:30:38 +0100 Received: from exchange2k301.gaia.fr (localhost.localdomain [127.0.0.1]) by minotaure.atos-infogerance.fr (8.12.8/8.12.8) with ESMTP id jB78UZIE018893 for ; Wed, 7 Dec 2005 09:30:36 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Wed, 7 Dec 2005 09:30:35 +0100 Message-ID: <8C29B2F93BAE9047A906EF6D6F9C5D43FE00B5@exchange2k301.gaia.fr> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [users@httpd] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!" Thread-Index: AcX6lkkeymG8enoDSX6z2dVTKo3kCwAbhfAQ From: =?iso-8859-1?Q?Axel-St=E9phane__SMORGRAV?= To: X-Virus-Checked: Checked by ClamAV on apache.org Subject: RE: [users@httpd] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!" X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N The combination of name-based virtual hosting and SSL cannot possibly = work. Normally, in such a configuration the request will be handled by = the first of the virtual hosts that match the IP:port of the request = regardless of the ServerName. I believe that if you execute "apachectl configtest", or alternatively = "$HTTPD -t -D DUMP_VHOSTS -f /path/to/httpd.conf", you will get an = overview of all the configured virtual hosts: bash-2.03$ apachectl configtest VirtualHost configuration: 192.168.1.10:443 sweetn.sour.com = (/u01/apachetest/conf/custom.conf:82) 192.168.1.11:* is a NameVirtualHost default server labelle16.toto.fr = (/u01/apachetest/conf/custom.conf:20) port * namevhost labelle16.toto.fr = (/u01/apachetest/conf/custom.conf:20) Syntax OK bash-2.03$=20 This might give you a clue as to what is happening and why you get the = error. However, again, SSL and name-based virtual hosting does not work = because the Host header cannot possibly be known to the server until the = SSL session has been established, and the SSL session needs a = certificate to be established and for that purpose needs to know the = value of the host header in order to know what certificate to use.=20 It's a catch 22... -ascs -----Original Message----- From: Nick Burch [mailto:nick@torchbox.com]=20 Sent: Tuesday, December 06, 2005 7:53 PM To: users@httpd.apache.org Subject: [users@httpd] Problem when mixing NameVirtualHost + non with = SSL - "Oops, no RSA or DSA server certificate found?!" Hi I'm having trouble when trying to combine NameVirtualHosting on one SSL=20 IP, and per-IP virtual hosting for others. My ideal setup is: NameVirtualHost *:80 (lots of virtual hosts) NameVirtualHost 192.168.1.50:443 (2 virtual hosts, 1 wildcard certificate used for both virtual hosts) VirtualHost's on 192.168.1.51:443, 192.168.1.52:443 Under this configuration, when I try to start apache, it fails with "[error] Oops, no RSA or DSA server certificate found?!". Even under=20 Debug, it fails to tell me which certificate it hit this on. If I run it with only one virtual host active on 192.168.1.50:443 (the = SSL=20 NameVirtualHost), everything works fine. I can access all 3 SSL sites. If I disable the SSL virtual hosts on 192.168.1.51:443 and=20 192.168.1.52:443, everything works fine. I can access both the SSL sites = on 192.168.1.50, and the name virtual hosting behaves as expected. As soon as I try with both name and non name SSL virtual hosts, apache=20 fails to start with: "[error] Oops, no RSA or DSA server certificate found?!" Is this a known problem? Can anyone suggest any workarounds (other than=20 not using name virtual hosting on that one IP)? Thanks Nick --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server = Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org