httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@six-group.com>
Subject RE: [users@httpd] how to get multiple SSL with name based vhost ?
Date Tue, 01 Dec 2009 10:01:16 GMT
> -----Original Message-----
> From: J. Bakshi [mailto:joydeep@infoservices.in] 
> Sent: Tuesday, December 01, 2009 10:53 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] how to get multiple SSL with name 
> based vhost ?
>
> ... 
> 
> Thank for your response. your assumption is correct. I am 
> working in an
> environment where the domain name is same.  Hence I am using the same
> certificate. But the problem is with port.  apache 
> complaining if it see
> more name based vhost with port 443. I was using the config as below

I think you are just getting a *warning* - if you test the sites it should "work"...

That is to say, you will get an SSL session with the cert from VH1 then if you request site1
all will be OK (no browser warnings sice site1 matches cert1). If you request site2, you will
get a browser warning since site2 doesn't match cert1, but otherwise the request should succeed
(since the SSL session is up by this time, apache can decrypt the request, get the Host header
and so go to the appropriate VH).

If this is not happening, post back with a description of what *is* happening...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> ` ` ` `
> Listen 443
> NameVirtualHost  example1.de:443
> 
> <VirtualHost  example1:443>
> SSLEngine on
> SSLCipherSuite HIGH:MEDIUM
> SSLProtocol all -SSLv2
> SSLCertificateFile /etc/apache2/myca/mars-server.crt
> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
> ServerName https://example1.de
> ServerAlias https://example1.de
> 
> DocumentRoot /srv/www/htdocs/blevti.opendingo.de
> DirectoryIndex index.php
> </VirtualHost>
> 
> 
> NameVirtualHost  example2.de:443
> <VirtualHost  example2:443>
> SSLEngine on
> SSLCipherSuite HIGH:MEDIUM
> SSLProtocol all -SSLv2
> SSLCertificateFile /etc/apache2/myca/mars-server.crt
> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
> ServerName https://example2.de
> ServerAlias https://example2.de
> 
> DocumentRoot /srv/www/htdocs/example2.de
> DirectoryIndex index.php
> </VirtualHost>
> ` ` ` `
> 
> but no luck
> 
> -- 
> জয়দীপ বক্সী
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. If you receive this message in error, please notify the
sender urgently and then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their
networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message