View Single Post
  #1  
Old 8th December 2005, 06:59
Creator1326 Creator1326 is offline
Junior Member
 
Join Date: Dec 2005
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Apache2 and multiple SSL configs and name based virtual hosting

Apache/2.0.55 DAV/2 PHP/5.0.4 mod_ssl/2.0.55 OpenSSL/0.9.7i

I have two virtual hosts that need SSL certs and I have them configured but which ever one is listed is the one that sends out it's cert and overrides the other SSL config.

I have tried to place IfDefines around the two SSL virtual hosts but still a no go, I can't figure out how to separate them to keep the SSL certs from overlapping. Any Ideas?

above them are some related stuff and not necessarily in this order:
Listen 172.16.0.2:80
Listen 172.16.0.2:443
NameVirtualHost 172.16.0.2:80
NameVirtualHost 172.16.0.2:443

AcceptMutex flock
SSLProtocol all
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/opt/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex flock:/opt/apache2/logs/ssl_mutex
SSLRandomSeed startup builtin

here's a one of the two SSL vhosts both are subdomains of two diffferent domains.

<VirtualHost host.domain.org:443>
# General setup for the virtual host
DocumentRoot /opt/apache2/htdocs/host
#ServerName has to match the server you entered into the CSR
ServerName host.domain.org
ServerAdmin webmaster@domain.org
ErrorLog logs/host-error_log
TransferLog logs/host-access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
# Path to your certificates and private key
SSLCertificateFile /opt/apache2/conf/ssl.crt/host.crt
SSLCertificateKeyFile /opt/apache2/conf/ssl.key/host.key
SSLCACertificateFile /opt/apache2/conf/ssl.crt/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?|php5?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /opt/apache2/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# correction for browsers that don't always handle SSL connections well
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Reply With Quote
Sponsored Links