httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] SSL + name-based virtual host
Date Wed, 09 May 2007 17:43:00 GMT
On 5/9/07, Liz Kim <lizkim270@gmail.com> wrote:

> <IfModule mod_ssl.c>
>     Include conf.d/ssl.conf
> </IfModule>
>
> /*......*/
>
> NameVirtualHost OUR_IP_ADDRESS:80
>
>  <VirtualHost OUR_IP_ADDRESS:443>
>  ServerName    NAME1.com
>   DocumentRoot  /var/www/html1
>  </VirtualHost>
>
>
>  <VirtualHost OUR_IP_ADDRESS:80>
>   ServerName    NAME2.com
>   DocumentRoot /var/www/html2
>  </VirtualHost>
>
>
>  <VirtualHost OUR_IP_ADDRESS:80>
>   ServerName    NAME3.com
>   DocumentRoot /var/www/html3
>  </VirtualHost>
>  =================================
> where conf.d/ssl.conf file contains all the appropriate codes for enabling
> SSL - loading the module, certificate and key definitions, etc.
> However, when I do this, http://www.NAME1.com will point to
> http://www.NAME2.com and https://www.NAME1.com does not work.
> The certificate is issued to NAME1.com which is also the name of the
> server....
>
> Any help would be greatly appreciated!!!
> Are there any easy to follow guides on how to ssl enable name-based virtual
> hosts?

In general, you can't have SSL with name-based virtual hosts, because
the ssl negotiation happens before the name is known.

It is hard to tell exactly what you are trying to achieve, but you CAN
have a bunch of non-ssl name-based virtual hosts plus ONE ssl virtual
host on the same server.

What you have doesn't work for two reasons:

1. You removed the non-ssl (port 80) virtual host for name1.com. You
need to put that back and have the port 443 virtual host as a separate
<VirtualHost> block.

2. Instead of using conf.d/ssl.conf, just put the ssl directives
directly inside the <VirtualHost IP:443>. If you look inside ssl.conf,
you'll probably find it is defining a separate <VirtualHost> block
which is being ignored due to your <VirtualHost IP:443>.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message