HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   SSL VirtualHost oddity (http://www.howtoforge.com/forums/showthread.php?t=48047)

AubreyKilian 18th August 2010 11:01

SSL VirtualHost oddity
 
Hi All,

I'm experiencing an odd issue with enabling the first SSL'd host on ISPConfig 3. So far, all the virtualhosts were configured to use "*" as the IP Number, so all VHosts have "*:80" in the apache config files.

I just created a new virtualhost that I want to have an SSL certificate on, on which I need to specify the server's IP number as the VirtualHost's IP.
This works 100% perfectly, the vhost comes up, SSL works, perfect.
BUT, what also happens is that every single other virtualhost on the server ends up rendering the SSL'd virtualhost's content. As soon as I change the IP number in ISPConfig back to "*", all the other virtualhosts work as expected, and the new SSL'd one gives an SSL cert error "Issuer not trusted", as it's not picking up the virtualhost's cert, but the server's self-signed one.

I have 2 Listen statements in httpd.conf, one for port 80, one for port 443. I also have 4 NameVirtualHost lines, the *:80 and *:443 ones, and then also the xxx.xxx.xxx.xxx:80 and xxx.xxx.xxx.xxx:443 ones.

This is likely an Apache config issue and not an ispconfig one, but I was just wondering if anybody else has come across this issue before and what the solution was?

Thanks
-Aubrey

giovinazzo 19th August 2010 05:51

I am running a fresh install of 3.0.2.2 on Ubuntu 9.10 and I think that I am also experiencing the same problem, but I don't know the solution yet.
I created 2 certificates for 2 vhosts via the web interface, but as soon as I created the second one, accessing the first domain points to the last certificate that was created.
If I restart apache it tells me that there is a certificate conflict on the SSL port.
Any help would be appreciated.

AubreyKilian 19th August 2010 07:57

Quote:

Originally Posted by giovinazzo (Post 236844)
I am running a fresh install of 3.0.2.2 on Ubuntu 9.10 and I think that I am also experiencing the same problem, but I don't know the solution yet.
I created 2 certificates for 2 vhosts via the web interface, but as soon as I created the second one, accessing the first domain points to the last certificate that was created.
If I restart apache it tells me that there is a certificate conflict on the SSL port.
Any help would be appreciated.

Not sure it's the same problem as I'm experiencing, you need to remember that each SSL'd virtualhost needs its own IP number on your server, are you specifying a second IP number for your second virtualhost?

-Aubrey

AubreyKilian 19th August 2010 15:43

*Solved* SSL VirtualHost Oddity
 
Quote:

Originally Posted by AubreyKilian (Post 236749)
Hi All,

This is likely an Apache config issue and not an ispconfig one, but I was just wondering if anybody else has come across this issue before and what the solution was?

As I suspected, this was indeed not an ISPConfig problem, but an Apache/mod_ssl problem.
The default mod_ssl config file added a virtualhost called "_default_:443" - which took precedence over my new virtualhost that I created.
The _default_ one didn't have any documentroot or path information, just some SSL settings, including details for a server certificate. This information was picked up first.

Solution: Comment out/remove the whole _default_:443 virtualhost from the mod_ssl config file (/etc/httpd/conf.d/ssl.conf in my case on Centos 5)


All times are GMT +2. The time now is 16:02.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.