HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Creator1326 8th December 2005 06:59

Apache2 and multiple SSL configs and name based virtual hosting
 
Apache/2.0.55 DAV/2 PHP/5.0.4 mod_ssl/2.0.55 OpenSSL/0.9.7i

I have two virtual hosts that need SSL certs and I have them configured, but whichever one is listed first is the one that sends out its cert and overrides the other SSL config.

I have tried to place IfDefines around the two SSL virtual hosts but still a no go, I can't figure out how to separate them to keep the SSL certs from overlapping. Any ideas?

Above them is some related stuff, not necessarily in this order:
Listen 172.16.0.2:80
Listen 172.16.0.2:443
NameVirtualHost 172.16.0.2:80
NameVirtualHost 172.16.0.2:443

AcceptMutex flock
SSLProtocol all
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/opt/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex flock:/opt/apache2/logs/ssl_mutex
SSLRandomSeed startup builtin

Here's one of the two SSL vhosts; both are subdomains of two different domains.

<VirtualHost host.domain.org:443>
# General setup for the virtual host
DocumentRoot /opt/apache2/htdocs/host
#ServerName has to match the server you entered into the CSR
ServerName host.domain.org
ServerAdmin webmaster@domain.org
ErrorLog logs/host-error_log
TransferLog logs/host-access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Path to your certificates and private key
SSLCertificateFile /opt/apache2/conf/ssl.crt/host.crt
SSLCertificateKeyFile /opt/apache2/conf/ssl.key/host.key
SSLCACertificateFile /opt/apache2/conf/ssl.crt/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?|php5?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /opt/apache2/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# correction for browsers that don't always handle SSL connections well
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

till 8th December 2005 12:06

Are the hosts on different IP addresses? Apache supports only one SSL vhost for each IP address.

Creator1326 8th December 2005 17:52

Ahh that was it, that's pretty dumb that you can only have one SSL per IP.

themachine 10th December 2005 17:35

hmmm... no, not really. There is a reason for this limitation... it's not as if they just decided "hey, let's piss everyone off and make them use a unique IP".... ;)

xinea 31st October 2006 12:20

apache..ssl vhost..one ip @
 
Quote:

Originally Posted by till
Are the hosts on different IP addresses? Apache supports only one SSL vhost for each IP address.

I'm working on apache2 and I have created 2 SSL vhosts for one IP @.. it works!.. I don't know if it is applicable with apache1.3..

I know it has been a year since this question was asked.. maybe you knew it before now...

anyway,

till 31st October 2006 12:32

Quote:

Originally Posted by xinea
I'm working on apache2 and I have created 2 SSL vhosts for one IP @.. it works!.. I don't know if it is applicable with apache1.3..

I know it has been a year since this question was asked.. maybe you knew it before now...

Which exact apache version do you use?

xinea 31st October 2006 12:49

apache version
 
Quote:

Originally Posted by till
Which exact apache version do you use?

Apache 2.0.54 (Debian GNU/Linux)

falko 1st November 2006 17:56

Quote:

Originally Posted by xinea
I'm working on apache2 and I have created 2 SSL vhosts for one IP @.. it works!

If you do it this way, you'll always see warnings in your browser.

xinea 2nd November 2006 09:08

Did you mean warnings like these on the Apache server console?

>>[Thu Nov 02 06:10:22 2006] [warn] NameVirtualHost 192.168.2.2:443 has no VirtualHosts
[Thu Nov 02 06:10:22 2006] [warn] NameVirtualHost 192.168.2.2:443 has no VirtualHosts<<

If so, may I ask: does this affect the situation? I meant the security level?

Or the usual browser warning when moving from http to https? If so, you're absolutely right!

till 2nd November 2006 10:26

These are not SSL warnings. I guess falko meant that you get an SSL security warning in your browser that the domain of your SSL certificate does not match the domain of the vhost.
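
Added example, not part of any post in this thread: the one-IP-per-SSL-vhost layout that till suggested and Creator1326 confirmed, written with the directives and paths from the first post. Apache 2.0 presents the certificate during the SSL handshake, before it has read the Host header, so each certificate is bound to its own address here; the second address 172.16.0.3, the name host.example.net and the host2 file names are hypothetical placeholders.

```apache
# Added example (not from the original thread). 172.16.0.3, host.example.net
# and the host2.* paths are hypothetical placeholders.

# Port 80 can stay name-based: no certificate is involved there.
Listen 172.16.0.2:80
NameVirtualHost 172.16.0.2:80

# One listening socket per address for SSL. There is no NameVirtualHost
# line for port 443: the vhost is selected by destination IP, which is
# known before the handshake, not by the Host header, which is not.
Listen 172.16.0.2:443
Listen 172.16.0.3:443

<VirtualHost 172.16.0.2:443>
    ServerName host.domain.org
    DocumentRoot /opt/apache2/htdocs/host
    ErrorLog logs/host-error_log
    TransferLog logs/host-access_log
    SSLEngine on
    # Certificate whose subject matches host.domain.org
    SSLCertificateFile /opt/apache2/conf/ssl.crt/host.crt
    SSLCertificateKeyFile /opt/apache2/conf/ssl.key/host.key
    SSLCACertificateFile /opt/apache2/conf/ssl.crt/ca.crt
</VirtualHost>

<VirtualHost 172.16.0.3:443>
    ServerName host.example.net
    DocumentRoot /opt/apache2/htdocs/host2
    ErrorLog logs/host2-error_log
    TransferLog logs/host2-access_log
    SSLEngine on
    # Certificate whose subject matches host.example.net
    SSLCertificateFile /opt/apache2/conf/ssl.crt/host2.crt
    SSLCertificateKeyFile /opt/apache2/conf/ssl.key/host2.key
    SSLCACertificateFile /opt/apache2/conf/ssl.crt/ca.crt
</VirtualHost>
```

Each hostname must resolve in DNS to the address of its own vhost; if both names point at the same address, the browser receives the certificate bound to that address and reports the name mismatch till describes.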


All times are GMT +2. The time now is 13:43.
