HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


willko 17th July 2012 14:15

Multiple SSL site setup
 
Hi all,

Trying to set up a few SSL sites using SNI with ISPConfig 3.0.4.6 and Apache/2.2.3 (first thought is that the Apache version is not high enough (2.2.12 minimum???)). If so, how do I upgrade httpd to the necessary version with CentOS 5.8 final as the OS? Not seeing any RHEL-related httpd versions available via yum...

I have SNI enabled via the control panel and I'm pretty sure I've entered all the necessary conf file settings (<VirtualHost *:443>, SSLEngine On, SSLCertificateFile, SSLCertificateKeyFile, ServerName, ServerAlias, ServerAdmin etc...)

I get these error messages via httpd error.log:
Code:

[Tue Jul 17 12:40:29 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jul 17 12:40:29 2012] [warn] Init: SSL server IP/port conflict: siteone.co.uk:443 (/etc/httpd/conf/sites-enabled/100-siteone.co.uk.vhost:107) vs. sitetwo.com:443 (/etc/httpd/conf/sites-enabled/900-sitetwo.com.vhost:111)
[Tue Jul 17 12:40:29 2012] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!

The certs are created and in correct directories and referenced...

Any ideas? Is the apache version the issue? More info needed?

Many thanks for help!!

pititis 17th July 2012 15:11

Hi,

Maybe your openssl was not compiled with tls support.

You can do a useful test. You can get some info by running phpinfo().

Code:

touch phpinfo.php

Edit it and add this:

Code:

<?php

phpinfo();

?>

Run the script:

Code:

php phpinfo.php|grep SSL

Here is my output:

Code:

SSL => Yes
SSL Version => OpenSSL/0.9.8k
SSL Support => enabled
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 0.9.8k 25 Mar 2009
OpenSSL Header Version => OpenSSL 0.9.8k 25 Mar 2009
OpenSSL support => enabled

OpenSSL 0.9.8k and later has this enabled by default

Cheers

willko 17th July 2012 15:31

Many thanks for the info/tip..

here's my output:
Code:

SSL => Yes
SSL Version =>  OpenSSL/0.9.8b
SSL Support => enabled
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
OpenSSL Header Version => OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Native OpenSSL support => enabled

and this from YUM:
Code:

PM Group    : System Environment/Libraries
Source      : openssl-0.9.8e-22.el5_8.4.src.rpm
Build Time  : Tue May 29 18:28:29 2012
Install Time : Tue Jun 26 18:34:02 2012
License      : BSDish

I guess the issue might be the SSL version then? Any idea how I update this? No RHEL-based repo updates/upgrades listed via YUM... Is there a repo I'm missing perhaps? Dependencies may be an issue though, ehh?

Found these links that seem relevant here and here

Seems to imply it would be better to jump up CentOS versions (to 6.2 etc.)

Thanks again for the reply!! Much appreciated!
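
Added example (not code from any poster in this thread): Python that pulls the conflicting vhost pairs out of the error-log warnings quoted in the first post and compares the reported Apache and OpenSSL version strings against the minimums mentioned in the posts (2.2.12 and 0.9.8k). The function names and the constructed sample log are assumptions of this example.

```python
import re

# Constructed sample: the three warnings quoted in the first post of this thread.
SAMPLE_LOG = """\
[Tue Jul 17 12:40:29 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jul 17 12:40:29 2012] [warn] Init: SSL server IP/port conflict: siteone.co.uk:443 (/etc/httpd/conf/sites-enabled/100-siteone.co.uk.vhost:107) vs. sitetwo.com:443 (/etc/httpd/conf/sites-enabled/900-sitetwo.com.vhost:111)
[Tue Jul 17 12:40:29 2012] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
"""

# host:port (file:line) vs. host:port (file:line), as printed in the log above.
CONFLICT = re.compile(
    r"SSL server IP/port conflict: "
    r"(\S+):(\d+) \((.+?):(\d+)\) vs\. (\S+):(\d+) \((.+?):(\d+)\)"
)
NAME_BASED = "You should not use name-based virtual hosts in conjunction with SSL"


def find_conflicts(log_text):
    """Return each pair of SSL vhosts reported as sharing one IP/port."""
    pairs = []
    for m in CONFLICT.finditer(log_text):
        h1, p1, f1, n1, h2, p2, f2, n2 = m.groups()
        pairs.append(((h1, int(p1), f1, int(n1)), (h2, int(p2), f2, int(n2))))
    return pairs


def version_key(text):
    """'Apache/2.2.3' -> (2, 2, 3, ''); 'OpenSSL 0.9.8e-fips-rhel5' -> (0, 9, 8, 'e')."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    if m is None:
        raise ValueError("no x.y.z version in %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def meets_thread_minimums(apache, openssl, min_apache="2.2.12", min_openssl="0.9.8k"):
    """Defaults are the versions named in the posts (assumptions, not vendor data).
    A version string is only a first check; a vendor build can differ from upstream."""
    return (version_key(apache) >= version_key(min_apache)
            and version_key(openssl) >= version_key(min_openssl))


if __name__ == "__main__":
    for first, second in find_conflicts(SAMPLE_LOG):
        print("conflict:", first, "vs", second)
    print("name-based warning present:", NAME_BASED in SAMPLE_LOG)
    print("meets minimums:", meets_thread_minimums("Apache/2.2.3", "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"))
```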

