You are right, Derek!
So I created 2 private keys (in ../ssl.key/) and 2 server certs (in ../ssl.crt/)
for my 2 virtual hosts, using the ssleay commands. Reading the server certs with
#ssleay x509 -noout -text -in <name>.crt
gives 2 different cert contents.
Here is the problem:
In my httpd.conf file, I specifically point each virtual host to its
respective cert and private key:

<VirtualHost 1>
SSLCertificateFile    /opt/apache/SSLapache_1.3.4/conf/ssl.crt/1.crt
SSLCertificateKeyFile /opt/apache/SSLapache_1.3.4/conf/ssl.key/1.key
</VirtualHost>

<VirtualHost 2>
SSLCertificateFile    /opt/apache/SSLapache_1.3.4/conf/ssl.crt/2.crt
SSLCertificateKeyFile /opt/apache/SSLapache_1.3.4/conf/ssl.key/2.key
</VirtualHost>

Starting the SSL server even asks for each virtual host's respective password
(*as pointed out by Derek*).

Here is the problem:
In the browser, going to those 2 sites gives the SAME certificate info. More
precisely, the info of the virtual host listed first in the httpd.conf file. If I
place the <VirtualHost 2> ... </VirtualHost> BEFORE <VirtualHost 1> ...
</VirtualHost>, then both sites display the info of the cert belonging to virtual
host 2. Basically, whichever comes first has total control!
Testing with 1 virtual host at a time gives the proper result. URL 1 will
display cert info of virtual host 1. 2 will be 2. But putting those 2 virtual
hosts together, the first one listed in the httpd.conf will have priority and
total control!!!!!

And I can get into both sites even if the cert belonging to the respective server
doesn't correspond to that particular server.

Any idea why?


G.

Derek Smith wrote:

> Gilles,
>
> If all SSLEnabled Virtual Hosts use the same key/cert then the passphrase
> dialogue will only ask for one.
>
> Regards,
>
> Derek Smith
> System Administrator/Developer
> MotorTR@K - www.motortrak.com
>
> "Gilles L. Chong Hok Yuen" wrote:
>
> > Hi,
> > just a trivial question: why is it that only the last virtual host is
> > stated when starting ssl? I've got a few virtual hosts and I've noticed
> > that only the last one (in the httpd.conf file) is displayed. Bit
> > intrigued ...
> >
> > "Apache/1.3.4 mod_ssl/2.2.3 (Pass Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server tmcwork.cc21.com.sg:443
> > Enter pass phrase:
> >
> > Ok: Pass Phrase Dialog successful.
> > /opt/apache/SSLapache_1.3.4/bin/apachectl startssl: httpd started"
> >
> > G.
> > --
> > Gilles Chong ([EMAIL PROTECTED], [EMAIL PROTECTED])
> > Systems Engineer, Internet Division
> > CSA Automated Pte Ltd, Singapore.
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
>

--
Gilles Chong ([EMAIL PROTECTED], [EMAIL PROTECTED])
Systems Engineer, Internet Division
CSA Automated Pte Ltd, Singapore.
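Added example (not part of the original message or of mod_ssl): a TLS server without SNI support has to pick its certificate during the handshake, before the HTTP Host header arrives, so SSL virtual hosts that share one address and port all present the certificate of the first one listed. The Python check below flags that layout in a config; it assumes the two hosts in the message share an address and port, and the addresses, ServerName values and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config (addresses and hostnames are assumptions; the
# certificate paths follow the layout quoted in the message above).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
ServerName one.example.test
SSLCertificateFile    /opt/apache/SSLapache_1.3.4/conf/ssl.crt/1.crt
SSLCertificateKeyFile /opt/apache/SSLapache_1.3.4/conf/ssl.key/1.key
</VirtualHost>

<VirtualHost 192.0.2.10:443>
ServerName two.example.test
SSLCertificateFile    /opt/apache/SSLapache_1.3.4/conf/ssl.crt/2.crt
SSLCertificateKeyFile /opt/apache/SSLapache_1.3.4/conf/ssl.key/2.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
ServerName three.example.test
SSLCertificateFile    /opt/apache/SSLapache_1.3.4/conf/ssl.crt/3.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first value of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def shadowed_ssl_vhosts(conf_text):
    """List SSL vhosts whose cert differs from the first vhost on the same address."""
    groups = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf_text):
        cert = directive(body, "SSLCertificateFile")
        if cert:  # only vhosts that configure a certificate
            groups[addr.strip()].append((directive(body, "ServerName"), cert))
    findings = []
    for addr, vhosts in groups.items():
        first_name, first_cert = vhosts[0]  # file order: first listed wins
        for name, cert in vhosts[1:]:
            if cert != first_cert:
                findings.append((addr, name, cert, first_cert))
    return findings

if __name__ == "__main__":
    for addr, name, cert, served in shadowed_ssl_vhosts(SAMPLE_CONF):
        print(f"{addr}: {name} configures {cert} but clients get {served}")
```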

