Re: mod_sll virtual hosts

Re: mod_sll virtual hosts

am 17.08.2002 14:59:21 von Ron Ridley

Try something like this using IP based virtual hosts:
Each one of your virtual hosts can have different SSL key material it points to.

#------------ This section only goes in the conf file once ---------------------
Port 80
ServerName domain.com
NameVirtualHost x.x.x.x

#--------------------- Domain.com -------------------------


ServerAdmin root@domain.com
DocumentRoot /home/httpd/html/
ServerName domain.com
ServerAlias domain.com www.domain.com
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/domain.com_log combined
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/



ServerAdmin root@domain.com
DocumentRoot /home/httpd/html/
ServerName domain.com #name on certificate
SSLEngine on
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLLog logs/ssl_engine_log
SSLLogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/domain.com_log combined
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/



Repeat the domain.com section for the other domains you need.

-Ron

On 16 Aug 2002 19:17 CDT you wrote:

> When I try to load apache, I get the error:
> [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost zzzzzzzz:80 has no
> VirtualHosts
> [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost yyyyyyyyyy:80 has no
> VirtualHosts
> [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost xxxxxxxxxxx:80 has no
> VirtualHosts
> /usr/local/apache/bin/apachectl startssl: httpd could not be started
>
> contrary to what it says, http runs, but without ssl and I have virtualhosts
> for each namevirtualhost.
>
> How should I make my virtual hosts work with mod_sll? Can someone please
> provide a example?
>
>
> --
> Iuri Fiedoruk
> Santa Maria, RS, Brazil
>
> GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F E01B 9434 AA7D 032B 240F
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_sll virtual hosts

am 17.08.2002 16:21:36 von Cliff Woolley

On Sat, 17 Aug 2002, Ron Ridley wrote:

> Try something like this using IP based virtual hosts: Each one of your
> virtual hosts can have different SSL key material it points to.
> #------------ This section only goes in the conf file once ---------------------
> Port 80
> ServerName domain.com
> NameVirtualHost x.x.x.x
> #--------------------- Domain.com -------------------------
>


Um, if I'm following this discussion correctly, I believe this advice is
mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based
vhost would in reality get the certificate of the first one listed in the
config file.

Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 .

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_sll virtual hosts

am 17.08.2002 16:26:39 von Iuri Fiedoruk

Em Sab 17 Ago 2002 11:21, Cliff Woolley escreveu:
> On Sat, 17 Aug 2002, Ron Ridley wrote:
> > Try something like this using IP based virtual hosts: Each one of your
> > virtual hosts can have different SSL key material it points to.
> > #------------ This section only goes in the conf file once
> > --------------------- Port 80
> > ServerName domain.com
> > NameVirtualHost x.x.x.x
> > #--------------------- Domain.com -------------------------
> >
>
> Um, if I'm following this discussion correctly, I believe this advice is
> mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based
> vhost would in reality get the certificate of the first one listed in the
> config file.
>
> Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 .
>

Hum, but in case all the virtualhosts are related (as in my case) this would
not matter much.
But in case not, this would be a really problem.
Thanks for your advice.

>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

--
Iuri Fiedoruk
Santa Maria, RS, Brazil

GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F E01B 9434 AA7D 032B 240F
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org