Apache SSL Virtualhost problems

Apache SSL Virtualhost problems

Post by J. VerScha » Sat, 25 May 2002 06:31:14



NameVirtualHost *

<VirtualHost *:443>
    Port 443

    DocumentRoot  /usr/local/apache/htdocs/
    ErrorLog      logs/error_log
    CustomLog     logs/combined_log common
    ServerName    www.anything.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
</VirtualHost>
<VirtualHost *:443>
    Port 443

    DocumentRoot  /home/httpd/bob
    ServerName    secure.bob.com
    Alias /twiki/ "/home/httpd/bob/"
    ErrorLog      logs/bob-error_log
    CustomLog     logs/bob-combined_log common
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
</VirtualHost>

I would expect everything on https to go to /usr/local/apache/htdocs/
except for
stuff sent to secure.bob.com which should go to /home/httpd/bob.
However not true. Everything goes to the first, even the stuff for
secure.bob.com.  I tried replacing "*:443" on the first with
"_default_:443 but still no go.


[Thu May 23 15:56:55 2002] [warn] _default_ VirtualHost overlap on
port 443, the
first has precedence
Syntax OK

 
 
 

Apache SSL Virtualhost problems

Post by Nemesis Service » Sat, 25 May 2002 16:46:37


for bob.com it MUST have

<VirtualHost secure.bob.com:443>


> NameVirtualHost *

> <VirtualHost *:443>
>     Port 443

>     DocumentRoot  /usr/local/apache/htdocs/
>     ErrorLog      logs/error_log
>     CustomLog     logs/combined_log common
>     ServerName    www.anything.com
>     SSLEngine on
>     SSLCipherSuite

ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>     SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
>     SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> </VirtualHost>
> <VirtualHost *:443>
>     Port 443

>     DocumentRoot  /home/httpd/bob
>     ServerName    secure.bob.com
>     Alias /twiki/ "/home/httpd/bob/"
>     ErrorLog      logs/bob-error_log
>     CustomLog     logs/bob-combined_log common
>     SSLEngine on
>     SSLCipherSuite

ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>     SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
>     SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> </VirtualHost>

> I would expect everything on https to go to /usr/local/apache/htdocs/
> except for
> stuff sent to secure.bob.com which should go to /home/httpd/bob.
> However not true. Everything goes to the first, even the stuff for
> secure.bob.com.  I tried replacing "*:443" on the first with
> "_default_:443 but still no go.


> [Thu May 23 15:56:55 2002] [warn] _default_ VirtualHost overlap on
> port 443, the
> first has precedence
> Syntax OK



 
 
 

Apache SSL Virtualhost problems

Post by Dave Carriga » Sun, 26 May 2002 00:35:54



> NameVirtualHost *

Named virtual hosts and SSL don't play together. You can have only one
SSL host per IP/port combination. In addition, trying to use a cert that
doesn't match the name of the virtual host will cause all kinds of
browser warnings, so even if SSL and NVH did work, one or the other of
those hosts would not have a matching cert and the browsers would
complain mightily.

--

UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | BOWL"...
Seattle, WA, USA                            |
http://www.rudedog.org/                     |

 
 
 

1. Apache VirtualHost SSL problem

I am trying to configure apache so that  I have three domain names

bob.net
fred.net
harry.net

- I want bob.net and fred.net to listen for http requests on port 80.
- I want harry.net to listen for http requests on port 80 and https
requests on port 443.
- I want any requests for bob.net or fred.net on port 443 to be
dropped or redirected to some junk htdocs directory.

I have tried about a million different combinations similar to the one
below.  I cannot seem to get it to work.  Always it seems that every
https request for ANY virtualhost will get redirected to the *.443
section for harry.net.  Can someone please post an example of how to
do this?  Thanks.

<VirtualHost *:443>
    Port 443
    DocumentRoot  /home/bogus/htdcs
    ErrorLog      logs/error_log
    CustomLog     logs/combined_log common
</VirtualHost>
<VirtualHost *:443>
    Port 443

    DocumentRoot  /home/harry/www
    ServerName    harry.net
    ServerAlias   *.harry.net
    ErrorLog      logs/error_log
    CustomLog     logs/combined_log common
</VirtualHost>
<VirtualHost *>
    Port 80

    DocumentRoot  /home/harry/www
    ServerName    harry.net
    ServerAlias   *.harry.net
    ErrorLog      logs/error_log
    CustomLog     logs/combined_log common
</VirtualHost>
<VirtualHost *>
    Port 80

    DocumentRoot  /home/bob/www
    ServerName    bob.net
    ServerAlias   *.bob.net
    ErrorLog      logs/error_log
    CustomLog     logs/combined_log common
</VirtualHost>
<VirtualHost *>
    Port 80

    DocumentRoot  /home/fred/www
    ServerName    fred.net
    ServerAlias   *.fred.net
    ErrorLog      logs/error_log
    CustomLog     logs/combined_log common
</VirtualHost>

2. Style manager for CDE

3. 2 ssl certificates for 2 VirtualHost on one Apache web server

4. Please help me about a long-term PING test

5. Apache-SSL + Virtualhosts configuration

6. Strange minor problems with CD and 2.2.19

7. apache 1.2.6 + ssl + name based VirtualHost

8. Odd resolutions in X (eg. 896x672)

9. Question: Running Apache SSL and Apache non-SSL on one server

10. Apache-SSL and problems with SSL certificate

11. Apache-SSL won't compile: Can't find ssl.h!

12. Apache-ssl or mod-ssl?

13. Replacing SSL Certficates in Apache mod-ssl