> While we're on this topic...
> Owen Boyle wrote .... on 01.03.26 
> 
> "This question comes up so often it ought to be in the .sig of the list... ", and 
> this ends with "Use different port numbers for different SSL hosts".
> 
> I personally don't know what the .sig would mean, but the last comment 
> intrigues me.  
> 
> By using different IP ports ... might something like the following work?
> For example:

I have made this work, however there are drawbacks to this solution.

1) you need at least 2 certs, one for the virtual hosting server and
the second one for the client (in our example, server.cert and
acme.com.cert).  If you use self-signed certs, the user is asked
TWICE to accept the cert, once for the server.cert and a second time
for the acme.com cert.

2) when you contact https://acme.com, what you end up with in the
browser's location is actually "https://acme.com:8443".  If someone
bookmarks this and you rearrange your port numbers, they're screwed.


<VirtualHost 192.168.1.1:443>
        ServerAdmin [EMAIL PROTECTED]
        ServerName acme.com
        Redirect / https://acme.com:8443
        SSLCertificateFile /path/to/original/server.cert 
        SSLCertificateKeyFile /path/to/original/server.key
</VirtualHost>

<VirtualHost 192.168.1.1:443>
        ServerAdmin [EMAIL PROTECTED]
        ServerName perigee.com
        Redirect / https://perigee.com:8444
        SSLCertificateFile /path/to/original/server.cert 
        SSLCertificateKeyFile /path/to/original/server.key
</VirtualHost>


<VirtualHost 192.168.1.1:8443>
        ServerAdmin [EMAIL PROTECTED]
        ServerName acme.com
        DocumentRoot /var/www/acme.com
        SSLCertificateFile /path/to/original/acme.com.cert 
        SSLCertificateKeyFile /path/to/original/acme.com.key
</VirtualHost>

<VirtualHost 192.168.1.1:8444>
        ServerAdmin [EMAIL PROTECTED]
        ServerName perigee.com
        DocumentRoot /var/www/perigee.com
        SSLCertificateFile /path/to/original/perigee.com.cert 
        SSLCertificateKeyFile /path/to/original/perigee.com.key
</VirtualHost>


By the way, in putting this email together, I actually tried this on
my server (with different names).  One thing I did not get working was 
using this in conjunction with VirtualDocumentRoot like this:

(replace first 2 virtual hosts above with this)
<VirtualHost 192.168.1.1:443>
        ServerAdmin [EMAIL PROTECTED]
        ServerName server.com
        VirtualDocumentRoot /www/%0
        Redirect /www/acme.com https://acme.com:8443
        Redirect /www/perigee.com https://perigee.com:8444
        SSLCertificateFile /path/to/original/server.cert 
        SSLCertificateKeyFile /path/to/original/server.key
</VirtualHost>

I could never get this to follow the redirects.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
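
An added example, not part of the original message: a Python check over a config shaped like the one above, assuming no SNI, so the server must pick its certificate per IP:port before it sees the Host header. The names vhost, parse_vhosts, audit and SAMPLE are made up here, and only the three directives shown are parsed.

```python
import re
from collections import defaultdict

def vhost(port, name, cert, extra=""):
    """Build one <VirtualHost> block (constructed sample input)."""
    return (f"<VirtualHost 192.168.1.1:{port}>\n    ServerName {name}\n    {extra}\n"
            f"    SSLCertificateFile /path/to/original/{cert}\n</VirtualHost>\n")

# Constructed sample mirroring the four vhosts in the message above.
SAMPLE = (vhost(443, "acme.com", "server.cert", "Redirect / https://acme.com:8443")
          + vhost(443, "perigee.com", "server.cert", "Redirect / https://perigee.com:8444")
          + vhost(8443, "acme.com", "acme.com.cert")
          + vhost(8444, "perigee.com", "perigee.com.cert"))

VHOST_RE = re.compile(r"<VirtualHost\s+(\S+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text):
    """Return one dict per vhost: addr, name, cert, redirect targets."""
    vhosts = []
    for addr, body in VHOST_RE.findall(text):
        v = {"addr": addr, "name": None, "cert": None, "redirects": []}
        for parts in (ln.split() for ln in body.splitlines()):
            if len(parts) < 2:
                continue
            key = parts[0].lower()
            if key == "servername":
                v["name"] = parts[1]
            elif key == "sslcertificatefile":
                v["cert"] = parts[1]
            elif key == "redirect":
                v["redirects"].append(parts[-1])
        vhosts.append(v)
    return vhosts

def audit(text):
    """Flag IP:port pairs with several certs, and redirects to an unserved name:port."""
    vhosts, findings, certs = parse_vhosts(text), [], defaultdict(set)
    for v in vhosts:
        certs[v["addr"]].add(v["cert"])
    for addr, used in sorted(certs.items()):
        if len(used) > 1:
            findings.append(f"{addr}: {len(used)} different certificates on one IP:port")
    served = {(v["name"], v["addr"].rsplit(":", 1)[-1]) for v in vhosts}
    for v in vhosts:
        for target in v["redirects"]:
            m = re.match(r"https://([^:/]+):(\d+)", target)
            if m and m.groups() not in served:
                findings.append(f"{v['name']}: redirect to {target} has no matching vhost")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

The second check catches the bookmark problem from point 2 on the server side: after a port is rearranged, any Redirect still pointing at the old port is reported.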
