9th November 2012, 18:52
max123
ssl and multiple virtual hosts in apache

hi all,
I've read the stuff on apache and other postings on this topic but still can't seem to figure out what I'm doing wrong.
so I get that I can't use name based virtual hosts for ssl. I also get that I need to use a sp ip address for each virtual host configured in the httpd.conf.
so I do the following:
but it doesn't work.
and I can't seem to figure out why, cus from all the reading I've done I'm doing everything right.
I have an ip interface (.yyy) on a physical machine with ip .xxx. I therefore have ip based virtual hosts as below and listen directives as below and a NameVirtualHost for each ip and port. But I still don't get apache to come up.
can anyone point me to the possibly obvious (or not so obvious) thing that I'm doing wrong?

my httpd.conf file is as below

... some irrelevant directives, e.g.
ServerRoot "APACHE_ROOT_DIR"
<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
#LockFile logs/accept.lock
</IfModule>
</IfModule>

<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 5000
</IfModule>
...
...then juicy stuff...
Listen 162.109.xx.xxx:9090
Listen 162.109.xx.yyy:9095
...


NameVirtualHost 162.109.xx.xxx:9090
NameVirtualHost 162.109.xx.yyy:9095

<VirtualHost 162.109.xx.xxx:9090>
ServerAdmin me@162.109.xx.xxx
DocumentRoot "/usr/local/AdventNet/WebNMS"
ServerName 162.109.xx.xxx
SSLEngine on
SSLCertificateFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/server.cer
SSLCertificateKeyFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/server.key
SSLCertificateChainFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/cachain.crt

</VirtualHost>

<VirtualHost 162.109.xx.yyy:9095>
DocumentRoot "/usr/local/AdventNet/virtual"
ServerAdmin me@162.109.xx.yyy
ServerName 162.109.xx.yyy
SSLEngine on
SSLCertificateFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/virtual/server.cer
SSLCertificateKeyFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/virtual/server.key
SSLCertificateChainFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/virtual/cachain.crt
</VirtualHost>

Include "TOMCAT_ROOT_DIR/conf/mod_jk.conf-nms"
Alias /perf/ 'WEBNMS_ROOT_DIR/webclient/perf/'
# Entry for blocking webclient directory from listing
<Directory "WEBNMS_ROOT_DIR/webclient">
# Tyco turned this off to match BT security standards - PR00217
# Options FollowSymLinks
AllowOverride None
</Directory>

JkMount /*.ajax ajp13
JkMount /*.spring ajp13


in ssl.conf i have following:

....taken out some comments to make the posting brief....
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
#SSLSessionCache dbm:logs/ssl_scache
#SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
#SSLMutex file:logs/ssl_mutex

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

##
## SSL Virtual Host Context
##



# General setup for the virtual host
#DocumentRoot "C:/Progra~1/AdventNet/WebNMS"
#ServerName GBA85WS2153
#ErrorLog logs/error_log
#TransferLog logs/access_log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
#NA SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
#SSLCertificateFile /usr/local/apache_2.0.43/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/local/apache_2.0.43/conf/ssl.crt/server-dsa.crt
#NA SSLCertificateFile conf/ssl.crt/server.cer
#SSLCertificateFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/server.cer
#SSLCertificateFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/virtual/server.cer

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /usr/local/apache_2.0.43/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/local/apache_2.0.43/conf/ssl.key/server-dsa.key
#NA SSLCertificateKeyFile conf/ssl.crt/server.key
#SSLCertificateKeyFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/server.key
#SSLCertificateKeyFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/virtual/server.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /usr/local/apache_2.0.43/conf/ssl.crt/ca.crt
#SSLCertificateChainFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/cachain.crt
#SSLCertificateChainFile /usr/local/AdventNet/WebNMS/apache/conf/ssl.crt/virtual/cachain.crt


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0



also, looking in the apache error log I get the following:

[Thu Nov 08 13:38:50 2012] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Nov 08 13:38:50 2012] [info] Loading certificate & private key of SSL-aware server
[Thu Nov 08 13:38:50 2012] [info] Loading certificate & private key of SSL-aware server
[Thu Nov 08 13:38:50 2012] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Nov 08 13:38:51 2012] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Nov 08 13:38:51 2012] [info] Init: Initializing (virtual) servers for SSL
[Thu Nov 08 13:38:51 2012] [info] Configuring server for SSL protocol
[Thu Nov 08 13:38:51 2012] [info] Configuring server for SSL protocol
[Thu Nov 08 13:38:51 2012] [info] mod_ssl/2.2.10 compiled against Server: Apache/2.2.10, Library: OpenSSL/0.9.7d
[Thu Nov 08 13:38:51 2012] [warn] No JkShmFile defined in httpd.conf. Using default /usr/local/AdventNet/WebNMS/apache/logs/jk-runtime-status
[Thu Nov 08 13:38:51 2012] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Nov 08 13:38:51 2012] [info] Loading certificate & private key of SSL-aware server
[Thu Nov 08 13:38:51 2012] [info] Loading certificate & private key of SSL-aware server
[Thu Nov 08 13:38:51 2012] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Nov 08 13:38:53 2012] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Nov 08 13:38:53 2012] [info] Init: Initializing (virtual) servers for SSL
[Thu Nov 08 13:38:53 2012] [info] Configuring server for SSL protocol
[Thu Nov 08 13:38:53 2012] [info] Configuring server for SSL protocol
[Thu Nov 08 13:38:53 2012] [info] mod_ssl/2.2.10 compiled against Server: Apache/2.2.10, Library: OpenSSL/0.9.7d
[Thu Nov 08 13:38:53 2012] [warn] No JkShmFile defined in httpd.conf. Using default /usr/local/AdventNet/WebNMS/apache/logs/jk-runtime-status
[Thu Nov 08 13:38:53 2012] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 08 13:38:53 2012] [notice] Digest: done
[Thu Nov 08 13:38:54 2012] [notice] Apache/2.2.10 (Unix) DAV/2 mod_ssl/2.2.10 OpenSSL/0.9.7d mod_jk/1.2.26 configured -- resuming normal operations
[Thu Nov 08 13:38:54 2012] [info] Server built: Oct 28 2008 10:34:09
[Thu Nov 08 13:39:34 2012] [info] [client 162.109.xxxxxx] Connection to child 0 established (server 162.109.xxxxx:443)
[Thu Nov 08 13:39:34 2012] [info] Seeding PRNG with 136 bytes of entropy
[Thu Nov 08 13:39:36 2012] [info] Initial (No.1) HTTPS request received for child 0 (server 162.109.xxxxx:443)
[Thu Nov 08 13:39:36 2012] [error] [client 162.109.xxxxx] File does not exist: /usr/local/AdventNet/WebNMS/unauthenticatedservlets/com.adventnet.nms.servlets.ConnectionCheckServlet
[Thu Nov 08 13:39:36 2012] [info] [client 162.109.xxxx] Connection to child 1 established (server 162.109.xxxx:443)
[Thu Nov 08 13:39:36 2012] [info] Seeding PRNG with 136 bytes of entropy
[Thu Nov 08 13:39:36 2012] [info] Initial (No.1) HTTPS request received for child 1 (server 162.109.xxxx:443)
[Thu Nov 08 13:39:36 2012] [error] [client 162.109.xxxx] File does not exist: /usr/local/AdventNet/WebNMS/unauthenticatedservlets/com.adventnet.nms.servlets.ConnectionCheckServlet
[Thu Nov 08 13:39:38 2012] [info] [client 162.109.xxxx] Connection closed to child 1 with standard shutdown (server 162.109.xxxx:443)
[Thu Nov 08 13:39:38 2012] [info] [client 162.109.xx.xxx] Connection closed to child 0 with standard shutdown (server 162.109.xx.xxx:443)
[Thu Nov 08 13:39:41 2012] [info] removed PID file /usr/local/AdventNet/WebNMS/apache/logs/httpd.pid (pid=11964)
[Thu Nov 08 13:39:41 2012] [notice] caught SIGTERM, shutting down
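A consistency check over the directives and log lines quoted in the post above, as an added example that is not part of the original post: it cross-checks `Listen`, `NameVirtualHost` and SSL-enabled `<VirtualHost>` addresses and compares the listening ports with the ports the error log reports. The function names are hypothetical, the sample input is a subset of the posted lines, and addresses are compared as exact strings (a bare `Listen <port>` is not expanded).

```python
import re

# Sample input: a subset of the directives posted in httpd.conf (addresses masked as posted).
CONF = """\
Listen 162.109.xx.xxx:9090
Listen 162.109.xx.yyy:9095
NameVirtualHost 162.109.xx.xxx:9090
NameVirtualHost 162.109.xx.yyy:9095
<VirtualHost 162.109.xx.xxx:9090>
SSLEngine on
</VirtualHost>
<VirtualHost 162.109.xx.yyy:9095>
SSLEngine on
</VirtualHost>
"""
# Sample input: two lines from the posted error log.
LOG = """\
[Thu Nov 08 13:39:34 2012] [info] [client 162.109.xxxxxx] Connection to child 0 established (server 162.109.xxxxx:443)
[Thu Nov 08 13:39:36 2012] [info] Initial (No.1) HTTPS request received for child 1 (server 162.109.xxxx:443)
"""

def directive(conf, name):
    """Arguments of every uncommented `name <arg>` line."""
    return set(re.findall(rf"^[ \t]*{name}[ \t]+(\S+)", conf, re.M | re.I))

def ssl_vhosts(conf):
    """Addresses of <VirtualHost> blocks that turn SSLEngine on."""
    blocks = re.findall(r"<VirtualHost\s+([^>\s]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    return {a for a, body in blocks if re.search(r"^[ \t]*SSLEngine[ \t]+on\b", body, re.M | re.I)}

def audit(conf, log):
    """Return a list of findings; exact addr:port string matching is an assumption."""
    listen, nvh, ssl = directive(conf, "Listen"), directive(conf, "NameVirtualHost"), ssl_vhosts(conf)
    findings = [f"SSL vhost {v} has no matching Listen" for v in sorted(ssl - listen)]
    # NameVirtualHost marks an address as name-based; the post intends IP-based SSL vhosts.
    findings += [f"SSL vhost {v} is also listed in NameVirtualHost" for v in sorted(ssl & nvh)]
    ports = {a.rsplit(":", 1)[-1] for a in listen}
    seen = set(re.findall(r"\(server [^)]*:(\d+)\)", log))
    findings += [f"log shows connections on port {p}, not covered by any Listen line"
                 for p in sorted(seen - ports)]
    return findings

if __name__ == "__main__":
    for finding in audit(CONF, LOG):
        print(finding)
```

On the posted input this reports both SSL vhosts as also listed in `NameVirtualHost`, and port 443 in the log against `Listen` lines for 9090 and 9095 only.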