httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Krist van Besien <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] apache with 2 SSL Certs Problem
Date Sat, 14 Nov 2009 14:37:21 GMT
On Fri, Nov 13, 2009 at 7:58 PM, Randy Paries <rtparies@gmail.com> wrote:
> On Fri, Nov 13, 2009 at 12:26 PM, Krist van Besien
> <krist.vanbesien@gmail.com> wrote:
>> On Fri, Nov 13, 2009 at 6:14 PM, Randy Paries <rtparies@gmail.com> wrote:
>>> also i have this in my httpd
>>> NameVirtualHost 216.186.190.101:80
>>> NameVirtualHost 216.186.190.106:80
>>> NameVirtualHost 216.186.190.101:443
>>
>> You probably don't need these.
>>
>> I asume you have your one SSL host on 216.186.190.101 and another on
>> 216.186.190.106 ?
>>
>> Krist
>>
>
> so i tried to re-issue my cert so the file names are a little different.
>
> so here is where i am now
>
> two domains:
> 1) unitfaces.com is supposed to have the real cert
> 2)yumasnowbirds.com is suppose to have the self signed cert
>
> <VirtualHost 216.186.190.101:443>
>    ServerAdmin webmaster@mydomain.com
>    DocumentRoot /home/unitfaces/
>
>    ServerName www.unitfaces.com
>    ServerAlias unitfaces.com
>
>    ErrorLog logs/unitfacesSSL.com-error_log
>    CustomLog logs/unitfacesSSL.com-access_log combined
>
>    SSLEngine on
>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.calgary.key
>
> </VirtualHost>
>
> <VirtualHost 216.186.190.106:443>
>    ServerAdmin webmaster@mydomain.com
>    DocumentRoot /home/yumasnowbirds/
>
>    ServerName www.yumasnowbirds.com
>    ServerAlias yumasnowbirds.com
>
>    ErrorLog logs/yumasnowbirdsSSL.com-error_log
>    CustomLog logs/yumasnowbirdsSSL.com-access_log combined
>
>    SSLEngine on
>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.yumasnowbirds.com.crt
>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.calgary.key
>
> </VirtualHost>

That looks all OK to me.

>
> here is some more info
> if i do
> #openssl s_client -connect www.unitfaces.com:443 -showcerts
> i see (btw , i have no idea where it is getting this info??)
> CONNECTED(00000003)
> depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
> verify return:1

This is all info from the certificate. It appears that unitfaces.com
has a self signed certificate. You can verify this with:
openssl x509 -in /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt -text
(dot this on your sever...)

I think that some of your assumption about what's in
www.unitfces.com.crt might be wrong...

Krist



-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message