httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Axel-St├ęphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] More than one name-based vhost with SSL
Date Wed, 04 Jan 2006 16:40:10 GMT
The same server certificate is presented by both sites and the CN does not match any of the
FQDN. Therefore you get a security warning on both URLs. That's what's wrong.

The requests will always be served by the first (default) NVH which IP address/port matches
the VirtualHost definition regardless of ServerName. Therefore, the certificate presented
to the client will always be the one defined by CertificatePath or CertificateFile in that
particular virtual host. 

If you define different log files for each of your named virtual hosts, you will be able to
see that for yourself.

-ascs

-----Original Message-----
From: Steffen Ronalter [mailto:steffen@ronalter.de] 
Sent: Wednesday, January 04, 2006 5:30 PM
To: users@httpd.apache.org
Subject: [users@httpd] More than one name-based vhost with SSL

Hi!

First: I've read the docs and now I know that it can't work.

But my setup seems to work: check it out!

https://ronalter.de
https://grundfunk.de

both are on the same machine with only one IP address.

What's the fault in my thought?

My config:

----------------------------------------------------------------
NameVirtualHost *:443

<VirtualHost *:443>
ServerName grundfunk.de
ServerName grundfunk.de
ServerAlias www.grundfunk.de
DocumentRoot /var/www/grundfunk
SSLEngine on
SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>

<VirtualHost *:443>
ServerName ronalter.de
ServerAlias www.ronalter.de
ServerAdmin webmaster@ronalter.de
DocumentRoot /var/www/ronalter
SSLEngine on
SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
----------------------------------------------------------------

Thanks for your help!

Steffen.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message