On 15 Mar 2003 at 17:12, Jeff wrote: > Actually, the answer is RTFM.. > > You can not have multiple SSL vhosts responding to one IP/port > combination.. The FIRST SSL vhost will ALWAYS respond when making the > connection.. This is due to how the protocol works.. > > Refer http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2 > for more info
Thanks Jeff - upon redoing my tests I found that I was getting the first 443 server also; I found the info here: http://httpd.apache.org/docs- 2.0/ssl/ssl_faq.html#vhosts Aloha => Beau; > > Rgds > Jeff > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, March 15, 2003 4:47 PM > Subject: Re: problem installing cert on virtual host > > > > On 14 Mar 2003 at 17:14, Dan McComb wrote: > > > > > Thanks Beau, > > > > > > Here's the pertinent bits (this file may look a bit strange -- it's a > > > Mac OS X Server conf file, but functions in almost every way like > > > traditional http.conf file): > > > [...] > > > > > > On Friday, March 14, 2003, at 04:58 PM, [EMAIL PROTECTED] wrote: > > > > > > > On 14 Mar 2003 at 16:20, Dan McComb wrote: > > > > > > > >> I've successfully installed one virtual host on my server to listen > on > > > >> port 443, and it's been running great. But when I added another > > > >> virtual > > > >> host directive to listen on same port further down in the file, I > find > > > >> that the first listener is the one that "picks up" the request. This > > > >> results in an error in IE: "the identity certificate name is not > > > >> correct." If I comment out the first virtual host, the problem > > > >> disappears and the second one works fine. I need them to work > > > >> together... > > > >> > > > >> Anyone know how can I configure my virtual hosts/httpd.conf to avoid > > > >> this problem? > > > >> > > > >> /dan mccomb > > > >> > > > > >> ---------------------------------------------------------------------- > > > >> -- > > > >> ------------ > > > >> > > > > [...] > > > > Hi - > > > > I see nothing wrong with your conf file. I have some > > suggestions: > > > > * since your SSL servers work one at a time, perhaps > > this is not an SSL problem. Remember, the first > > vhost is the 'default': any request that does > > not match a name (within that ip:port group) > > is sent to that first server. Why don't you comment > > out the SSL directives, change the ports to 80, > > and see if you can browse to each vhost? > > > > * in the same vein, is you bind (dns) server setup > > OK? > > > > * you may want to look at each server cert: > > > > openssl rsa -noout -text -in <whetever>.crt > > > > the subject CN should match the server name. > > > > * if you certs are self-signed, your browser > > will give you an error - that the CA is not > > recognized as trusted - but everything else > > should be OK if your CN matches the server > > name. > > > > Let me know how it goes... > > > > Aloha => Beau; > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
