Hi All...
I have searched and searched to no solution.
First of all, here is my setup:
FreeBSD 3.4-REL (yea, I know it's kinda old) running Apache/1.3.12 (Unix)
mod_watch/2.1 PHP/4.0.1pl2 FrontPage/4.0.4.3 mod_ssl/2.6.5 OpenSSL/0.9.5a
I have several virtual hosts running on this machine. So far only one is
using SSL. It works great.
I am trying to setup another virtual host for use with its own SSL
information.
I successfully generated a .key file in /www/conf/ssl.key and a .csr for the
second domain.
I have successfully received the Certificate via e-mail from Geotrust. I
copied/pasted that into /www/conf/ssl.crt/domain2.crt
The first domain has a dedicated ip of xxx.xxx.xxx.5.... the second has a
dedicated ip of .44
I added the second domain's SSL entry into the httpd.conf, immediately after
the currently working ssl-enabled virtual host. I copied the exact
<virtualhost> entry for the second domain as is in use for the first one,
making only the minor changes to point to the correct SSL files:
<VirtualHost xxx.xxx.xxx.44:443>
DocumentRoot "/home/hosting/domain2/public_html"
ServerName secure.domain2.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /www/logs/domain2_error_log
TransferLog /www/logs/domain2.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /www/conf/ssl.crt/secure.domain2.com.crt
SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
SSLCACertificatePath /www/conf/ssl.crt
SSLCACertificateFile /www/conf/ssl.crt/ca-bundle.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/home/hosting/domain2.com/public_html/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /www/logs/domain2_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
I then did /www/bin/apachectl stop; /www/bin/apachectl startssl ... then I
checked the domain2 error log only to find:
[Sun Dec 16 04:19:30 2001] [error] mod_ssl: Init: (secure.domain2.com:443)
Ops, no RSA or DSA server certificate found?!
[Sun Dec 16 04:19:30 2001] [error] mod_ssl: Init: (secure.domain2.com:443)
You have to perform a *full* server restart when you added or removed a
certificate and/or key file
I did a ps aux but no instances of apache (httpd) had started. Apache will
only start if I comment out the SSLEngine On directive in domain2's
virtualhost entry. I have tried to comment out both SSLCA* directives in
domain2's virtual host entry but that didn't help.
With SSLEngine on commented out, I can connect to xxx.xxx.xxx.44 via port 80
but not via port 443... With it uncommented (no #), I get those errors in
the domain2 errorlog.
Any ideas?
-Mike
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
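
A pre-restart check for the setup described in the post above, where the certificate was saved as /www/conf/ssl.crt/domain2.crt while the vhost's SSLCertificateFile names /www/conf/ssl.crt/secure.domain2.com.crt. This is an added example, not part of the original message or of mod_ssl; the function names are hypothetical, and it assumes absolute paths and PEM-encoded files.

```python
import os
import re

# PEM labels accepted per directive. Assumes absolute paths and PEM-encoded files.
EXPECTED = {
    "sslcertificatefile": ("CERTIFICATE", "X509 CERTIFICATE"),
    "sslcertificatekeyfile": ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "PRIVATE KEY"),
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def inspect_file(directive, path):
    """Return a problem string for one directive's file, or None if it looks sane."""
    if not path:
        return "directive missing"
    if not os.path.isfile(path):
        return "file does not exist"
    with open(path, errors="replace") as fh:
        labels = PEM_BEGIN.findall(fh.read())
    if not labels:
        return "no PEM block found"
    if labels[0] not in EXPECTED[directive]:
        return "unexpected PEM type: " + labels[0]
    return None

def check_ssl_vhosts(conf_text):
    """List (vhost, directive, path, problem) for each vhost that has SSLEngine on."""
    problems, vhost, seen, ssl_on = [], None, {}, False
    for line in (l.strip() for l in conf_text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost, seen, ssl_on = opened.group(1).strip(), {}, False
        elif re.match(r"</VirtualHost>", line, re.I):
            for d in (EXPECTED if ssl_on else ()):
                why = inspect_file(d, seen.get(d))
                if why:
                    problems.append((vhost, d, seen.get(d), why))
            vhost = None
        elif vhost and line and not line.startswith("#"):
            parts = line.split(None, 1) + [""]
            name, arg = parts[0].lower(), parts[1].strip().strip('"')
            if name == "sslengine":
                ssl_on = arg.lower() == "on"
            elif name in EXPECTED:
                seen[name] = arg
    return problems

if __name__ == "__main__":  # constructed sample: the vhost names a file that does not exist
    conf = "<VirtualHost 192.0.2.44:443>\nSSLEngine on\nSSLCertificateFile /nonexistent/domain2.crt\n</VirtualHost>"
    print(check_ssl_vhosts(conf))
```

The check does not confirm that the key belongs to the certificate; comparing the output of `openssl x509 -noout -modulus` and `openssl rsa -noout -modulus` on the two files covers that.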