httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Angus" <mdan...@psychtest.com>
Subject [users@httpd] Question about setting up secure service
Date Tue, 02 May 2006 13:24:40 GMT
Dear All: sorry for the length of this -- I am an SSL newbie and need a bit of install advice.


We have a windows environment, and have installed Apache2.0.55 with SSL support plus openSSL.
We have one dedicated IP address which is currently shared by two name-based virtual hosts.
I want to set up a secure subdirectory of one of these domains, in which I can place my e-commerce
web-store (and later, possibly some online services). My router is assigned to forward the
incoming port 80 and port 443 to the box with IP 192.168.1.2 which has apache on it.

I bought a certificate from a CA and attempted to set up the SSL.conf to give me another virtual
server -- but so far no joy. I can't seem to get port 443 virtual service https://www.psychtest.com
to work alongside port 80 service http://www.psychtest.com 

The instructions from the CA I dealt with were brief, and upon following them, the setup didn't
work. A call to their customer support indicates that the CA lets me secure a specific subdomain,
BUT they also want a unique dedicated internet ip address before letting me secure a "subdomain"
with one of their certs. 

Is there a different CA or some way I can to secure a subdirectory or subdomain without getting
another dedicated IP address? Can anybody tell me what is the best way to set up for us?

below is my ssl.conf
------------------------------------------------
<IfDefine SSL>

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

<VirtualHost 192.168.1.2:443>
#<VirtualHost *:443> (doesn't work)
#<VirtualHost _default_:443> 

DocumentRoot "C:/Homepage/secure"

<Directory "C:/Homepage/secure">
    SSLRequireSSL
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# 3 fiels sent to me from the CA
SSLCertificateFile C:/Homepage/Certs/www.psychtest.com.crt
SSLCertificateKeyFile C:/Homepage/Certs/MyCertifcate.key
SSLCertificateChainFile C:/Homepage/Certs/sf_issuing.crt

SSLVerifyDepth  5

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:\Program Files\Apache Group\Apache2\cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  

</IfDefine>

Mime
View raw message