Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 8th December 2005, 06:59
Creator1326 Creator1326 is offline
Junior Member
 
Join Date: Dec 2005
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Apache2 and multiple SSL configs and name based virtual hosting

Apache/2.0.55 DAV/2 PHP/5.0.4 mod_ssl/2.0.55 OpenSSL/0.9.7i

I have two virtual hosts that need SSL certs and I have them configured but which ever one is listed is the one that sends out it's cert and overrides the other SSL config.

I have tried to place IfDefines around the two SSL virtual hosts but still a no go, I can't figure out how to separate them to keep the SSL certs from overlapping. Any Ideas?

above them are some related stuff and not necessarily in this order:
Listen 172.16.0.2:80
Listen 172.16.0.2:443
NameVirtualHost 172.16.0.2:80
NameVirtualHost 172.16.0.2:443

AcceptMutex flock
SSLProtocol all
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/opt/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex flock:/opt/apache2/logs/ssl_mutex
SSLRandomSeed startup builtin

here's a one of the two SSL vhosts both are subdomains of two diffferent domains.

<VirtualHost host.domain.org:443>
# General setup for the virtual host
DocumentRoot /opt/apache2/htdocs/host
#ServerName has to match the server you entered into the CSR
ServerName host.domain.org
ServerAdmin webmaster@domain.org
ErrorLog logs/host-error_log
TransferLog logs/host-access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
# Path to your certificates and private key
SSLCertificateFile /opt/apache2/conf/ssl.crt/host.crt
SSLCertificateKeyFile /opt/apache2/conf/ssl.key/host.key
SSLCACertificateFile /opt/apache2/conf/ssl.crt/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?|php5?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /opt/apache2/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# correction for browsers that don't always handle SSL connections well
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Reply With Quote
Sponsored Links
  #2  
Old 8th December 2005, 12:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

Are the hosts on different IP addresses? Apache supports only one SSL vhost for each IP address.
Reply With Quote
  #3  
Old 8th December 2005, 17:52
Creator1326 Creator1326 is offline
Junior Member
 
Join Date: Dec 2005
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ahh that was it, that's pretty dumb that you can only have one SSL per IP.
Reply With Quote
  #4  
Old 10th December 2005, 17:35
themachine themachine is offline
Senior Member
 
Join Date: Oct 2005
Location: Texas, USA
Posts: 109
Thanks: 0
Thanked 0 Times in 0 Posts
Default

hmmm... no, not really. There is a reason for this limitation... it's not as if that just decided "hey, lets piss everyone off and make them use a unique IP"....
__________________
themachine
5dollarwhitebox.org
Reply With Quote
  #5  
Old 31st October 2006, 12:20
xinea xinea is offline
Junior Member
 
Join Date: Oct 2006
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default apache..ssl vhost..one ip @

Quote:
Originally Posted by till
Are the hosts on different IP addresses? Apache supports only one SSL vhost for each IP address.
i'm working on apache2 and i have created 2 ssl vhost for one IP @.. it works!.. i don't know if it is applicable with apache1.3..

i know it has been a year since this question was asked.. maybe u knew it before now...

anyway,
Reply With Quote
  #6  
Old 31st October 2006, 12:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

Quote:
Originally Posted by xinea
i'm working on apache2 and i have created 2 ssl vhost for one IP @.. it works!.. i don't know if it is applicable with apache1.3..

i know it has been a year since this question was asked.. maybe u knew it before now...
Which exact apache version do you use?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 31st October 2006, 12:49
xinea xinea is offline
Junior Member
 
Join Date: Oct 2006
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default apache version

Quote:
Originally Posted by till
Which exact apache version do you use?
Apache 2.0.54 (Debian GNU/Linux)
Reply With Quote
  #8  
Old 1st November 2006, 17:56
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

Quote:
Originally Posted by xinea
i'm working on apache2 and i have created 2 ssl vhost for one IP @.. it works!
If you do it this way, you'll always see warnings in your browser.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 2nd November 2006, 09:08
xinea xinea is offline
Junior Member
 
Join Date: Oct 2006
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Question

did u mean like these warnings on apache server console?

>>[Thu Nov 02 06:10:22 2006] [warn] NameVirtualHost 192.168.2.2:443 has no VirtualHosts
[Thu Nov 02 06:10:22 2006] [warn] NameVirtualHost 192.168.2.2:443 has no VirtualHosts<<

if so, may i ask: does this affect the situation? i meant the security level?

or the usual browser warning when moving from http to https? if so, u're absolutely right!

Last edited by xinea; 2nd November 2006 at 09:13.
Reply With Quote
  #10  
Old 2nd November 2006, 10:26
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
 
Default

These are no SSL warnings. I guess falko meaned that you get a SSL security warning in your browser thet the domain of your SSL certificate does not match the domain of the vhost.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 08:52.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.