httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "bfree@free-man.net" <bf...@free-man.net>
Subject Re: [users@httpd] mod_ssl and virtual host
Date Sun, 30 Jan 2011 19:26:45 GMT
got most everything working.
if have three ips
NameVirtualHost xx.xx.xx.32:80
NameVirtualHost xx.xx.xx.32:443

NameVirtualHost xx.xx.xx.34:80
NameVirtualHost xx.xx.xx.34:443

I have a domain that had ssl in the original 
NameVirtualHost(xx.xx.xx.32) it works great this operates off the 
default ssl defined in the ssl.conf.

I have a domain that is not in NameVirtualHost ( xx.xx.xx.32 or 
xx.xx.xx.34) but is a virtual host.
it is on its own IP the http works fine but the https gives a Unable to 
connect. the ssl is defined in the vitualhost
SSLCertificateFile /etc/pki.....
SSLCertificateKeyFile /etc/pki....

I have a domain that had ssl in the new NameVirtualHost(xx.xx.xx.34) on 
a seperate IP from the original NameVirtualHost http it works great but 
the https also gives Unable to connect. the ssl is defined in the vitualhost
SSLCertificateFile /etc/pki.....
SSLCertificateKeyFile /etc/pki....


since the http works in all cases this mean the IP are being recognized
since the ssl in the original NameVirtualHost works my configuration of 
the virtual hosts works.

I get no log for the ones that gives a Unable to connect.

any ideas where to look?

=========================
BJ Freeman
Strategic Power Office with Supplier Automation  <http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com  <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist

Chat  Y! messenger: bjfr33man
bfree@free-man.net sent the following on 1/28/2011 10:36 AM:

> thanks will see what I can do to make something work.
>
> =========================
> BJ Freeman
> Strategic Power Office with Supplier Automation
> <http://www.businessesnetwork.com/automation/viewforum.php?f=52>
> Specialtymarket.com <http://www.specialtymarket.com/>
> Systems Integrator-- Glad to Assist
>
> Chat Y! messenger: bjfr33man
>
> Igor Galić sent the following on 1/28/2011 9:34 AM:
>
>
>>
>> ----- "Martin Kuba"<makub@ics.muni.cz> wrote:
>>
>>> Dne 28.1.2011 02:51, bfree@free-man.net napsal(a):
>>>> The certificate is not trusted because it is self-signed.
>>>> The certificate is only valid for free-man.net
>>>>
>>>> what am I doing wrong?
>>>
>>> You can not use name-based virtual hosts for SSL if your Apache is
>>> older than 2.2.12
>>> or your OpenSSL does not support SNI or the client is MSIE on Windows
>>> XP.
>>>
>>> In other words, you need a separate IP address for each SSL
>>> certificate,
>>> because the SSL connection is established before the HTTP connection
>>> takes place
>>> and the server does not know which certificate to choose.
>>>
>>> See
>>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
>>> http://en.wikipedia.org/wiki/Server_Name_Indication
>>
>> Also see:
>> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
>>
>>> Use IP-based virtual hosts instead.
>>>
>>> Cheers
>>>
>>> Martin
>>> --
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> Supercomputing Center Brno Martin Kuba
>>> Institute of Computer Science email: makub@ics.muni.cz
>>> Masaryk University http://www.ics.muni.cz/~makub/
>>> Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775
>>> --------------------------------------------------------------
>>
>> i
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message