If this is tough to get into the FAQ, being it is asked weekly, perhaps it
can be added to the footer of list messages?

Thanks,

Ron DuFresne

On Sat, 15 Mar 2003, Jeff wrote:

> Actually, the answer is RTFM..
> 
> You can not have multiple SSL vhosts responding to one IP/port
> combination..  The FIRST SSL vhost will ALWAYS respond when making the
> connection.. This is due to how the protocol works..
> 
> Refer http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2
> for more info
> 
> Rgds
> Jeff
> 
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, March 15, 2003 4:47 PM
> Subject: Re: problem installing cert on virtual host
> 
> 
> > On 14 Mar 2003 at 17:14, Dan McComb wrote:
> >
> > > Thanks Beau,
> > >
> > > Here's the pertinent bits (this file may look a bit strange -- it's a
> > > Mac OS X Server conf file, but functions in almost every way like
> > > traditional http.conf file):
> > > [...]
> > >
> > > On Friday, March 14, 2003, at 04:58  PM, [EMAIL PROTECTED] wrote:
> > >
> > > > On 14 Mar 2003 at 16:20, Dan McComb wrote:
> > > >
> > > >> I've successfully installed one virtual host on my server to listen on
> > > >> port 443, and it's been running great. But when I added another virtual
> > > >> host directive to listen on same port further down in the file, I find
> > > >> that the first listener is the one that "picks up" the request. This
> > > >> results in an error in IE: "the identity certificate name is not
> > > >> correct." If I comment out the first virtual host, the problem
> > > >> disappears and the second one works fine. I need them to work
> > > >> together...
> > > >>
> > > >> Anyone know how can I configure my virtual hosts/httpd.conf to avoid
> > > >> this problem?
> > > >>
> > > >> /dan mccomb
> > > >>
> > > >>
> > > > [...]
> >
> > Hi -
> >
> > I see nothing wrong with your conf file. I have some
> > suggestions:
> >
> > * since your SSL servers work one at a time, perhaps
> > this is not an SSL problem. Remember, the first
> > vhost is the 'default': any request that does
> > not match a name (within that ip:port group)
> > is sent to that first server. Why don't you comment
> > out the SSL directives, change the ports to 80,
> > and see if you can browse to each vhost?
> >
> > * in the same vein, is your bind (dns) server setup
> > OK?
> >
> > * you may want to look at each server cert:
> >
> > openssl x509 -noout -text -in <whatever>.crt
> >
> > the subject CN should match the server name.
> >
> > * if your certs are self-signed, your browser
> > will give you an error - that the CA is not
> > recognized as trusted - but everything else
> > should be OK if your CN matches the server
> > name.
> >
> > Let me know how it goes...
> >
> > Aloha => Beau;
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
> >
> 
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
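
The behaviour described in this thread (the first SSL vhost answers for a shared IP/port, so later vhosts get a certificate name error), as an added example that is not part of any message above: a Python check that parses an Apache config and reports which SSL vhosts would be served with another vhost's certificate. The sample config, hostnames, addresses and file paths are constructed, and the parser assumes one address per `<VirtualHost>` block.

```python
import re
from collections import OrderedDict

# Constructed sample config (hypothetical names and paths, not from the thread).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/shop.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/mail.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName intra.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/intra.crt
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName shop.example.com
</VirtualHost>
"""

# Assumption: each <VirtualHost> lists exactly one address:port.
VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1) if m else None

def shadowed_ssl_vhosts(conf):
    """Map each ip:port to (answering vhost, [vhosts that get the wrong cert])."""
    groups = OrderedDict()
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue  # plain HTTP vhosts are not affected by certificate choice
        groups.setdefault(addr, []).append(directive(body, "ServerName"))
    # The first SSL vhost in file order presents its certificate for the address.
    return {a: (names[0], names[1:]) for a, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    for addr, (first, shadowed) in shadowed_ssl_vhosts(SAMPLE_CONF).items():
        print("%s: %s answers; certificate name mismatch for %s"
              % (addr, first, ", ".join(shadowed)))
```
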
