On Sat, 1 Mar 2003, Domenico Andreoli wrote:

> ---------------- CUT HERE ------------------------------
> # ...
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/apache/ssl.key/server.key
>
> <VirtualHost _default_:*>
> </VirtualHost>
> # ...
> ---------------- CUT HERE ------------------------------

It ought to look like this:

<VirtualHost foo:443>
SSLEngine on
SSLCertificateFile ...
SSLCertificateKeyFile ...
</VirtualHost>

Note that your use of the certificate and key across all virtual hosts,
whether by putting it in the server-wide config or by putting it in
VirtualHost _default_:*, won't generally work.  Your clients will get
errors when they try to browse to your site if the hostname doesn't match
the one stored in the certificate, for example.  You should have a
different certificate/key pair for every hostname on which you wish to run
SSL.  And of course each of those virtual hosts needs to be on a unique
IP:port pair--no name-based virtual hosting.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to