httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: [users@httpd] apache and ssl
Date Thu, 29 Jun 2006 13:36:55 GMT
Does anyone else think that this is wrong?

        SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
     >> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt

It looks like you're telling it that the Certificate Authority is the
same file as the Certificate itself.  I could be wrong tho.



As regards to the VHost defs: it depends what you've got in front of the
server in the way of DNS or loadbalancers.

Your domain name can only resolve to point at one IP address (unless
you're using load balancers or proxies etc etc).  So any request for the
SSL port of demo.sitename.com is going to arrive at the same IP as the
port 80 connection.

http://demo.sitename.com  > IP1
https://demo.sitename.com > Still IP1


(Have you set "NameVirtualHost" or not?)



Dave Henderson wrote:
> I am wondering if the virtual host definitions are wrong.  Can I do the
> following (even though the ServerName options have the same value)?  Can
> I use the IP addresses like I have done below?
> 
> 
> <VirtualHost 192.168.0.12:80>
>         ServerAdmin webmaster@sitename.com
>         ServerName demo.sitename.com
>         DocumentRoot /var/www/sitename.com/demo
> 
>         #   This should be changed to whatever you set DocumentRoot to.
>         <Directory /var/www/sitename.com/demo>
>                 Options Indexes Includes
>                 AllowOverride Options
>                 Order allow,deny
>                 Allow from all
>         </Directory>
>         ErrorLog /var/log/apache2/sitename.com/demo/error.log
>         CustomLog /var/log/apache2/sitename.com/demo/access.log common
>         CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
>         CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
> 
>         # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
>         LogLevel warn
> 
>         ServerSignature On
> </VirtualHost>
> 
> 
> <VirtualHost 192.168.0.13:443>
>         ServerAdmin webmaster@sitename.com
>         ServerName demo.sitename.com
>         DocumentRoot /var/www/sitename.com/demo/ssl
> 
>         #   SSL specifications
>         SSLEngine On           
>         SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
>         SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
>         SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
>         SSLCipherSuite SSLv2:+HIGH:+MEDIUM           
>         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> 
> #       SSLVerifyClient require
> #       SSLVerifyDepth 1     
> #       CustomLog /var/log/apache2/ssl \ "%t %h %{SSL_PROTOCOL}x
> %{SSL_CIPHER}x$
> #       <Location /ssl>
> #               SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> #               SSLVerifyClient require
> #               SSLVerifyDepth 1
> #       </Location>
> 
>         #   This should be changed to whatever you set DocumentRoot to.
>         <Directory /var/www/sitename.com/demo/ssl>
>                 Options Indexes Includes
>                 AllowOverride Options
>                 Order allow,deny
>                 Allow from all
>         </Directory>
>         ErrorLog /var/log/apache2/sitename.com/demo/error.log
>         CustomLog /var/log/apache2/sitename.com/demo/access.log common
>         CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
>         CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
> 
>         # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
>         LogLevel warn
> 
>         ServerSignature On
> </VirtualHost>
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message