httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Bakshi" <joyd...@infoservices.in>
Subject Re: [users@httpd] how to get multiple SSL with name based vhost ?
Date Tue, 01 Dec 2009 10:23:04 GMT
Boyle Owen wrote:
>> -----Original Message-----
>> From: J. Bakshi [mailto:joydeep@infoservices.in] 
>> Sent: Tuesday, December 01, 2009 10:53 AM
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] how to get multiple SSL with name 
>> based vhost ?
>>
>> ... 
>>
>> Thank for your response. your assumption is correct. I am 
>> working in an
>> environment where the domain name is same.  Hence I am using the same
>> certificate. But the problem is with port.  apache 
>> complaining if it see
>> more name based vhost with port 443. I was using the config as below
>>     
>
> I think you are just getting a *warning* - if you test the sites it should "work"...
>
> That is to say, you will get an SSL session with the cert from VH1 then if you request
site1 all will be OK (no browser warnings sice site1 matches cert1). If you request site2,
you will get a browser warning since site2 doesn't match cert1, but otherwise the request
should succeed (since the SSL session is up by this time, apache can decrypt the request,
get the Host header and so go to the appropriate VH).
>
> If this is not happening, post back with a description of what *is* happening...
>   

Hello Boyle,

Thanks for your kind response.  I have just activated my second SSL
connection to generate the logs. Here it is

` ` `
[Tue Dec 01 11:38:31 2009] [warn] Init: SSL server IP/port conflict:
www.example1.de:443 (/etc/apache2/vhosts.d/blevti.opendingo.de.conf:34)
vs. example2.in:443 (/etc/apache2/vhosts.d/phpmyadmin.conf:5)

[Tue Dec 01 11:38:31 2009] [warn] Init: You should not use name-based
virtual hosts in conjunction with SSL!!
` ` `

What happen now,  the second vhost SSL does not complain but it goes to
the first vhost SSL and  " apache2ctl -S" displays the first one as the
default one.

` ` `

> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
>
>   
>> ` ` ` `
>> Listen 443
>> NameVirtualHost  example1.de:443
>>
>> <VirtualHost  example1:443>
>> SSLEngine on
>> SSLCipherSuite HIGH:MEDIUM
>> SSLProtocol all -SSLv2
>> SSLCertificateFile /etc/apache2/myca/mars-server.crt
>> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
>> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
>> ServerName https://example1.de
>> ServerAlias https://example1.de
>>
>> DocumentRoot /srv/www/htdocs/blevti.opendingo.de
>> DirectoryIndex index.php
>> </VirtualHost>
>>
>>
>> NameVirtualHost  example2.de:443
>> <VirtualHost  example2:443>
>> SSLEngine on
>> SSLCipherSuite HIGH:MEDIUM
>> SSLProtocol all -SSLv2
>> SSLCertificateFile /etc/apache2/myca/mars-server.crt
>> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
>> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
>> ServerName https://example2.de
>> ServerAlias https://example2.de
>>
>> DocumentRoot /srv/www/htdocs/example2.de
>> DirectoryIndex index.php
>> </VirtualHost>
>> ` ` ` `
>>
>> but no luck
>>
>> -- 
>> জয়দীপ বক্সী
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP 
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>     
>  
> This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. If you receive this message in error, please notify the
sender urgently and then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. 
> The sender's company reserves the right to monitor all e-mail communications through
their networks.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>   


-- 
জয়দীপ বক্সী


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message