Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8e DAV/2 PHP/5.2.3
Not sure if this belongs here or in another mailing list (apache). I'd like to know how I can set up subdomains with a wildcard certificate.

1) Originally I had a couple of websites with SSL (https), each site with its own IP address and its own certificate. In an attempt to save on IP addresses, I thought that subdomains and a wildcard certificate would allow me to use one IP address (and therefore name-based virtual hosting). Is this the correct assumption? If it's correct, please read on. If this is not correct, what to do to get it working?

2) I've created a self-signed wildcard certificate. When I (re)start apache, the following warnings occur:

[Wed Nov 14 07:34:33 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!?
[Wed Nov 14 07:34:33 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!?
[Wed Nov 14 07:34:33 2007] [warn] Init: SSL server IP/port conflict: cc.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:52) vs. tac.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:79)
[Wed Nov 14 07:34:33 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
[Wed Nov 14 07:34:33 2007] [notice] Digest: generating secret for digest authentication ...
[Wed Nov 14 07:34:33 2007] [notice] Digest: done
[Wed Nov 14 07:34:34 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!?
[Wed Nov 14 07:34:34 2007] [warn] RSA server certificate CommonName (CN) `*.lbtd-techweb01' does NOT match server name!?
[Wed Nov 14 07:34:34 2007] [warn] Init: SSL server IP/port conflict: cc.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:52) vs. tac.lbtd-techweb01:443 (/etc/httpd/extra/httpd-ssl.conf:79)

How do I get rid of the first 2 warnings (and the repeats later on for different subdomains)? Something I did wrong while creating the certificate?

I do understand the cause of the third warning (and its repeats).
This would imply that wildcard certificates and subdomains using name-based virtual hosting are not possible. Any way that I can work around this?

This is (part of) my /etc/httpd/extra-httpd-ssl.conf

NameVirtualHost *:443
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file: /var/run/httpd/ssl_mutex #no space between colon and first /

# command centre
#<VirtualHost _default_:443>
<VirtualHost *:443>
    DocumentRoot "/home/cc/www/ils/web"
    ServerName cc.lbtd-techweb01
    #ServerAlias cc.lbtd-techweb01
    ServerAdmin [EMAIL PROTECTED]
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/certificates/lbtd-techweb01.crt
    SSLCertificateKeyFile /etc/httpd/certificates/lbtd-techweb01.key
    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    <Directory "/home/cc/www/ils/web">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Wim Sturkenboom
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)    www.modssl.org
User Support Mailing List                modssl-users@modssl.org
Automated List Manager                   [EMAIL PROTECTED]
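
An added example, not part of the original post and not mod_ssl code: a small audit that reads an Apache configuration, lists the SSL virtual hosts that share one address:port (the situation behind the "IP/port conflict" warning quoted above), and checks each ServerName against a wildcard CN. The matching rule is the RFC 6125-style left-most-label wildcard, not Apache's own startup check; `SAMPLE_CONF` and all function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the post; the second vhost block is assumed
# (the post names tac.lbtd-techweb01 only in the log output).
SAMPLE_CONF = """
NameVirtualHost *:443
#<VirtualHost _default_:443>
<VirtualHost *:443>
    ServerName cc.lbtd-techweb01
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName tac.lbtd-techweb01
    SSLEngine on
</VirtualHost>
"""

def wildcard_covers(pattern, host):
    """RFC 6125-style match: '*' is allowed only as the entire left-most
    label and stands for exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h) or "*" in "".join(p[1:]):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def ssl_vhosts(conf):
    """Return (address, ServerName) for every vhost with SSLEngine on."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drop commented-out lines
    out = []
    for addr, body in re.findall(
            r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        if name and re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I):
            out.append((addr.strip(), name.group(1)))
    return out

def audit(conf, cert_cn):
    """Return (names sharing an address:port, names the certificate misses)."""
    by_addr = {}
    for addr, name in ssl_vhosts(conf):
        by_addr.setdefault(addr, []).append(name)
    shared = {a: n for a, n in by_addr.items() if len(n) > 1}
    uncovered = [n for names in by_addr.values() for n in names
                 if not wildcard_covers(cert_cn, n)]
    return shared, uncovered

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "*.lbtd-techweb01"))
```

Under this rule the wildcard CN covers both host names, while a certificate issued for a single name would leave the other vhost uncovered.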