httpd.conf

Wondering if some kind soul could help me. I already
have 3 name based
virtual hosts set up correctly. Now I'm in the process
of creating a SSL
host which I have successfully done. The problem I am
having is that all the
normal virtual hosts as a result have been SSL
readable as well.
Where as they once were ok http://localhost, they are
now also viewable as
https://localhost also which I do not want. My SSL
section is below along
with 1 virtual host :





# This is for mod_ssl. SSLEngine off
ServerName localhost
DocumentRoot /path
ServerAdmin root@localhost
ServerSignature email



##
## SSL Virtual Host Context
##

# Apache will only listen on port 80 by default.
Defining the virtual
server
# (below) won't make it automatically listen on the
virtual server's port.
Listen 443
# SSL Session Cache:
# The cache speeds up processing of multiple
parallel requests from
# the same client.
SSLSessionCache shm:/var/cache/ssl_gcache_data(524288)




ServerName secure
DocumentRoot /path/to/secure
ServerAdmin root@localhost
ServerSignature email
SSLEngine on
SSLCertificateFile
/etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/server.key





http://www.sold.com.au - SOLD.com.au
- Find yourself a bargain!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: httpd.conf

This is a multi-part message in MIME format.
--------------36EFEE22C929F496C6D79FCF
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Cuong Tran wrote:

> The problem I am
> having is that all the
> normal virtual hosts as a result have been SSL
> readable as well.

>
> # (below) won't make it automatically listen on the
> virtual server's port.
> Listen 443

Change the above to
Listen 192.168.0.3:443
that will get the result you desire.

later
John

--------------36EFEE22C929F496C6D79FCF
Content-Type: text/x-vcard; charset=us-ascii;
name="jwo.vcf"
Content-Description: Card for John Ott
Content-Disposition: attachment;
filename="jwo.vcf"
Content-Transfer-Encoding: 7bit

begin:vcard
n:Ott;John
tel;pager:202 688 9735
tel;cell:301 502 4356
tel;work:202 687 8929
x-mozilla-html:FALSE
org:Georgetown University;UIS-SNS
version:2.1
email;internet:jwo@georgetown.edu
title:UNIX Systems Programmer
adr;quoted-printable:;;304E St. Mary's Hall 3800 Reservoir Road, NW;Washington ;DC;20007;USA
x-mozilla-cpt:;-13752
fn:John Ott
end:vcard

--------------36EFEE22C929F496C6D79FCF--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: httpd.conf

Thanks for the tip John,

But that shuts down port 443 altogether. I still need
it open for my 1 SSL host


ServerName secure
DocumentRoot /path
ServerAdmin root@localhost
ServerSignature email
# Turning the 3 below on is VERY important
SSLEngine on
SSLCertificateFile
/etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/server.key
# must manually create file first
SSLLogFile
/var/www/html/WEBSITES/SITE2/logs/ssl.log



--- John Ott wrote: > Cuong Tran
wrote:
>
> > The problem I am
> > having is that all the
> > normal virtual hosts as a result have been SSL
> > readable as well.
>
> >
> > # (below) won't make it automatically listen on
> the
> > virtual server's port.
> > Listen 443
>
> Change the above to
> Listen 192.168.0.3:443
> that will get the result you desire.
>
> later
> John
> > begin:vcard
> n:Ott;John
> tel;pager:202 688 9735
> tel;cell:301 502 4356
> tel;work:202 687 8929
> x-mozilla-html:FALSE
> org:Georgetown University;UIS-SNS
> version:2.1
> email;internet:jwo@georgetown.edu
> title:UNIX Systems Programmer
> adr;quoted-printable:;;304E St. Mary's
> Hall 3800 Reservoir Road, NW;Washington
> ;DC;20007;USA
> x-mozilla-cpt:;-13752
> fn:John Ott
> end:vcard
>

http://www.sold.com.au - SOLD.com.au
- Find yourself a bargain!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: httpd.conf

I notice that your virtual hosts are all using the ip address of your
machine, but your testing example uses http://localhost/
It's probably worth pointing out that localhost usually resolves to
127.0.0.1 which is not the same thing as your machine's ip address.
Try testing against https://192.168.0.3/


Cuong Tran wrote:

>Thanks for the tip John,
>
>But that shuts down port 443 altogether. I still need
>it open for my 1 SSL host
>
>
> ServerName secure
> DocumentRoot /path
> ServerAdmin root@localhost
> ServerSignature email
> # Turning the 3 below on is VERY important
> SSLEngine on
> SSLCertificateFile
>/etc/httpd/conf/ssl.crt/server.crt
> SSLCertificateKeyFile
>/etc/httpd/conf/ssl.key/server.key
> # must manually create file first
> SSLLogFile
>/var/www/html/WEBSITES/SITE2/logs/ssl.log
>
>
>
> --- John Ott wrote: > Cuong Tran
>wrote:
>
>
>>> The problem I am
>>>having is that all the
>>>normal virtual hosts as a result have been SSL
>>>readable as well.
>>>
>>>
>>># (below) won't make it automatically listen on
>>>
>>>
>>the
>>
>>
>>>virtual server's port.
>>>Listen 443
>>>
>>>
>>Change the above to
>>Listen 192.168.0.3:443
>>that will get the result you desire.
>>
>>later
>>John
>>
>>
>>>begin:vcard
>>>
>>>
>>n:Ott;John
>>tel;pager:202 688 9735
>>tel;cell:301 502 4356
>>tel;work:202 687 8929
>>x-mozilla-html:FALSE
>>org:Georgetown University;UIS-SNS
>>version:2.1
>>email;internet:jwo@georgetown.edu
>>title:UNIX Systems Programmer
>>adr;quoted-printable:;;304E St. Mary's
>>Hall 3800 Reservoir Road, NW;Washington
>>;DC;20007;USA
>>x-mozilla-cpt:;-13752
>>fn:John Ott
>>end:vcard
>>
>>
>>
>
>http://www.sold.com.au - SOLD.com.au
>- Find yourself a bargain!
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: httpd.conf

Hi Peter,

The IP adressess all work fine. Is there a command
that shuts out SSL for normal virtual hosts?
I tried putting "SSLEngine off" in the normal host
container but https://normalhost still shows.

--- Peter Viertel
wrote: > I notice that your virtual hosts are all
using the
> ip address of your
> machine, but your testing example uses
> http://localhost/
> It's probably worth pointing out that localhost
> usually resolves to
> 127.0.0.1 which is not the same thing as your
> machine's ip address.
> Try testing against https://192.168.0.3/
>
>
> Cuong Tran wrote:
>
> >Thanks for the tip John,
> >
> >But that shuts down port 443 altogether. I still
> need
> >it open for my 1 SSL host
> >
> >
> > ServerName secure
> > DocumentRoot /path
> > ServerAdmin root@localhost
> > ServerSignature email
> > # Turning the 3 below on is VERY important
> > SSLEngine on
> > SSLCertificateFile
> >/etc/httpd/conf/ssl.crt/server.crt
> > SSLCertificateKeyFile
> >/etc/httpd/conf/ssl.key/server.key
> > # must manually create file first
> > SSLLogFile
> >/var/www/html/WEBSITES/SITE2/logs/ssl.log
> >
> >
> >
> > --- John Ott wrote: > Cuong
> Tran
> >wrote:
> >
> >
> >>> The problem I am
> >>>having is that all the
> >>>normal virtual hosts as a result have been SSL
> >>>readable as well.
> >>>
> >>>
> >>># (below) won't make it automatically listen on
> >>>
> >>>
> >>the
> >>
> >>
> >>>virtual server's port.
> >>>Listen 443
> >>>
> >>>
> >>Change the above to
> >>Listen 192.168.0.3:443
> >>that will get the result you desire.
> >>
> >>later
> >>John
> >>
> >>
> >>>begin:vcard
> >>>
> >>>
> >>n:Ott;John
> >>tel;pager:202 688 9735
> >>tel;cell:301 502 4356
> >>tel;work:202 687 8929
> >>x-mozilla-html:FALSE
> >>org:Georgetown University;UIS-SNS
> >>version:2.1
> >>email;internet:jwo@georgetown.edu
> >>title:UNIX Systems Programmer
> >>adr;quoted-printable:;;304E St. Mary's
> >>Hall 3800 Reservoir Road, NW;Washington
> >>;DC;20007;USA
> >>x-mozilla-cpt:;-13752
> >>fn:John Ott
> >>end:vcard
> >>
> >>
> >>
> >
> >http://www.sold.com.au - SOLD.com.au
> >- Find yourself a bargain!
>
>___________________________________________________________ ___________
> >Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> >User Support Mailing List
> modssl-users@modssl.org
> >Automated List Manager
> majordomo@modssl.org
> >
> >
>
>
____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> modssl-users@modssl.org
> Automated List Manager
majordomo@modssl.org

http://www.sold.com.au - SOLD.com.au
- Find yourself a bargain!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org