Illegal attempt to re-initialise SSL for server

--AqsLC8rIMeq19msA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

hi,

i'm able to get this error message with the following configuration
file fragment put in the global context:

---------------- CUT HERE ------------------------------
# ...
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key



# ...
---------------- CUT HERE ------------------------------

without any VirtualHost diretive apache starts correctly with SSL on
every port it listens to.

as soon as i insert a VirtualHost directive, even if empty, apache
doesn't start and i get the error message in subject.

if i put the SSL directive into a VirtualHost everything works as usual.

i can reproduce it with different configuration files.

any advice?


thanks
cavok

-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50

--AqsLC8rIMeq19msA
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YNF5BneQM6IOvFARAtmEAKCYXPR7CbRM9YZ1ynlyZtgwECunQgCg qg+G
aBpNgiROxhavPdZdAbxzCGY=
=qf4D
-----END PGP SIGNATURE-----

--AqsLC8rIMeq19msA--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Illegal attempt to re-initialise SSL for server

On Sat, 1 Mar 2003, Domenico Andreoli wrote:

> ---------------- CUT HERE ------------------------------
> # ...
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/apache/ssl.key/server.key
>
>
>
> # ...
> ---------------- CUT HERE ------------------------------

It ought to look like this:


SSLEngine on
SSLCertificateFile ...
SSLCertificateKeyFile ...


Note that your use of the certificate and key across all virtual hosts,
whether by putting it in the server-wide config or by putting it in
VirtualHost _default_:*, won't generally work. Your clients will get
errors when they try to browse to your site if the hostname doesn't match
the one stored in the certificate, for example. You should have a
different certificate/key pair for every hostname on which you wish to run
SSL. And of course each of those virtual hosts needs to be on a unique
IP:port pair--no name-based virtual hosting.

--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Illegal attempt to re-initialise SSL for server

On Sat, 1 Mar 2003, Domenico Andreoli wrote:

> ps: may i quote your message? i'd like to include your reply to who
> reported the original problem (debian bug report #169083).

Sure! It's a public list after all. :)

--Cliff

------------------------------------------------------------ ---------
Cliff Woolley
Apache HTTP Server Project
Apache Software Foundation
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Illegal attempt to re-initialise SSL for server

--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 01, 2003 at 10:59:33AM -0500, Cliff Woolley wrote:
> It ought to look like this:
>=20
>
> SSLEngine on
> SSLCertificateFile ...
> SSLCertificateKeyFile ...
>
>=20
> Note that your use of the certificate and key across all virtual hosts,
> whether by putting it in the server-wide config or by putting it in
> VirtualHost _default_:*, won't generally work. Your clients will get
> errors when they try to browse to your site if the hostname doesn't match
> the one stored in the certificate, for example. You should have a
> different certificate/key pair for every hostname on which you wish to run
> SSL. And of course each of those virtual hosts needs to be on a unique
> IP:port pair--no name-based virtual hosting.
>=20
right right. this is not a issue because this configuration has not
any sense.

many thanks
cavok

ps: may i quote your message? i'd like to include your reply to who reported
the original problem (debian bug report #169083).

-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50

--4Ckj6UjgE2iN1+kY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+YN4VBneQM6IOvFARAh8uAKDvgpU4fJcMqnIwv/M6LiHkqWdULwCd GNuX
LTF8soXyAh/kVgW5ZRsz8qo=
=xbmA
-----END PGP SIGNATURE-----

--4Ckj6UjgE2iN1+kY--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org