Gilles,
I belive that it is only possible to use IP based virtual hosts with SSL, so if
you are using name based, your problem may be to do with that.
Regards,
Derek.
"Gilles L. Chong Hok Yuen" wrote:
> You are rite Derek!
> So i created 2 priv keys (in ../ssl.key/) n 2 server certs (in ../ssl.crt/)
> for my 2 virtual hosts- using the ssleay commands. Reading the server certs
> #ssleay x509 -noout -text -in <name>.crt gives 2 different cert contents.
> Here is the prob:
> In my httpd.conf file, I specifically point out each virtual host to their
> respective cert n priv key:
>
> <VirtualHost 1>
> SSLCertificateFile /opt/apache/SSLapache_1.3.4/conf/ssl.crt/1.crt
> SSLCertificateKeyFile /opt/apache/SSLapache_1.3.4/conf/ssl.key/1.key
> </Virtual Host>
>
> <VirtualHost 2>
> SSLCertificateFile /opt/apache/SSLapache_1.3.4/conf/ssl.crt/2.crt
> SSLCertificateKeyFile /opt/apache/SSLapache_1.3.4/conf/ssl.key/2.key
> </VirtualHost>
>
> Starting the SSL server even asks for each virtual host's respective password
> (*as pointed out by Derek*).
>
> Here is the prob:
> On the browser, going on those 2 sites gives the SAME certificate info. More
> precisely info on the virtual host listed first in the httpd.conf file. If i
> place the <VirtualHost 2> ... </VirtualHost> BEFORE <VirtualHost 1> ...
> </VirtualHost>, then both sites display the info on cert belonging to v host
> 2. Basically, which comes first have total control!
> Testing with 1 virtual host at a time gives the proper result. URL 1 will
> display cert info of virtual host 1. 2 will be 2. But putting those 2 virtual
> hosts together, the first one listed in the httpd.conf will have priority and
> total control!!!!!
>
> N i can get in both sites even if the cert belonging to the respective server
> doesnt correspond to that particular server.
>
> Any idea why?
>
> G.
>
> Derek Smith wrote:
>
> > Gilles,
> >
> > If all SSLEnabled Virtual Hosts use the same key/cert then the passphrase
> > dialogue will only ask for one.
> >
> > Regards,
> >
> > Derek Smith
> > System Administrator/Developer
> > MotorTR@K - www.motortrak.com
> >
> > "Gilles L. Chong Hok Yuen" wrote:
> >
> > > Hi,
> > > just a trivial question: why is it that only the last virtual host is
> > > stated when starting ssl? Ive got a few virtual hosts and ive noticed
> > > that only the last one (in the httpd.conf file) is displayed. Bit
> > > intrigued ...
> > >
> > > "Apache/1.3.4 mod_ssl/2.2.3 (Pass Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server tmcwork.cc21.com.sg:443
> > > Enter pass phrase:
> > >
> > > Ok: Pass Phrase Dialog successful.
> > > /opt/apache/SSLapache_1.3.4/bin/apachectl startssl: httpd started"
> > >
> > > G.
> > > --
> > > Gilles Chong ([EMAIL PROTECTED], [EMAIL PROTECTED])
> > > Systems Engineer, Internet Division
> > > CSA Automated Pte Ltd, Singapore.
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List [EMAIL PROTECTED]
> > > Automated List Manager [EMAIL PROTECTED]
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> --
> Gilles Chong ([EMAIL PROTECTED], [EMAIL PROTECTED])
> Systems Engineer, Internet Division
> CSA Automated Pte Ltd, Singapore.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
