Re: Autostart apache /w mod_ssl from init.d ?

2001-09-11 Thread Alex Pircher

Simply do not create a PEM pass phrase, when you compile Apache.

Greetings,
 Alex

 --- Dave <[EMAIL PROTECTED]> wrote:
> Hello, I am new to this mailing list, and I have browsed through the mail 
> archives and I can't seem to find an answer y/n to my question.
> 
> I run Debian 2.2 and I have finally gotten everything setup with mod_ssl 
> and apache and everything appears to be running quite happily. My only 
> question is this: I noticed that when I started the binary 'perlhttpdctl 
> startssl' (mod_perl is compiled in as well), I was prompted for my PEM pass 
> phrase which I entered and all is well, but what happens when I reboot this 
> server? I am not always physically at the machine when it is rebooted or 
> powered down/up and I was wondering if there was a way I could automate 
> this through /etc/init.d (rc startup scripts)?
> 
> If this question has already been addressed, I am sorry I must have missed 
> it in the archives.
> 
> Thanks in advance.
> 
> -
> Dave


__
Do You Yahoo!?
Sent by Yahoo! Mail - http://mail.yahoo.de
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
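
Added example (not part of the original posts): a key without a pass phrase lets the init script start Apache unattended, but file permissions are then the only protection left for the key. The sketch below audits PEM key files for both conditions; the file names and key bodies are constructed placeholders.

```python
import os
import stat
import tempfile

# Headers that mark a PEM private key as protected by a pass phrase.
ENCRYPTED_MARKERS = (
    "Proc-Type: 4,ENCRYPTED",                 # traditional OpenSSL PEM encryption
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8 encrypted key
)

def audit_key_file(path):
    """Return findings for one PEM private key file."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    if "PRIVATE KEY-----" not in text:
        return ["not a PEM private key"]
    if any(marker in text for marker in ENCRYPTED_MARKERS):
        return ["pass phrase protected: server start will prompt"]
    findings = ["no pass phrase: unattended start works"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group or other permission bit exposes the unprotected key.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible beyond owner (mode %04o): restrict to 0400" % mode)
    return findings

def demo():
    """Audit three constructed key files; the bodies are placeholders, not real keys."""
    plain = ("-----BEGIN RSA PRIVATE KEY-----\n"
             "CONSTRUCTED-PLACEHOLDER\n"
             "-----END RSA PRIVATE KEY-----\n")
    encrypted = ("-----BEGIN RSA PRIVATE KEY-----\n"
                 "Proc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
                 "CONSTRUCTED-PLACEHOLDER\n"
                 "-----END RSA PRIVATE KEY-----\n")
    cases = [("encrypted.key", encrypted, 0o400),
             ("plain-0644.key", plain, 0o644),
             ("plain-0400.key", plain, 0o400)]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body, mode in cases:
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_key_file(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", "; ".join(findings))
```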



Re: POST method with client authentication

2001-09-07 Thread Alex Pircher

Is this a ModSSL-Question?

In Apache there is a directive called Limit where you can allow or disallow
GET, POST, HEAD, ...
As the Credentials are sent to .../examine.pl, because you have authenticated
yourself successfully at .../private/, there should be no problem!

GreetingX,
 Alex

 --- Angus Lee <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I've installed OpenSA 1.0b3 on Windows 2000 Server. Everything in
> http://localhost/cgi-bin/private needs client authentication to access. When I use the POST
> method to post some form data to a CGI program http://localhost/cgi-bin/private/examine.pl I got
> the following error:
> ---
> 405 Method not allowed
> 
> The method you attempted to use is not allowed for the resource identified by the Request-URI.
> That method is either disallowed or not supported on this resource. Common methods are 'HEAD',
> 'GET', 'POST', and 'PUT'. POST and PUT are frequently disabled, per resource, on this server.
> Perhaps you may request this resource using another method. 'GET' is available for most
> resources.
> ---
> 
> Does anyone know what's wrong with my configuration? Can I use POST method with client
> authentication? I know some people have asked similar question before, but is there any way for
> the Perl script to use client authentication and pass, say, about 1-2k form data to that Perl
> script?
> 
> Please help me. Thank you.
> 
> Angus Lee



Re: http Standards

2001-09-07 Thread Alex Pircher

You find nearly all what you need at w3.org!
HTTP 1.1: http://www.w3.org/Protocols/rfc2616/rfc2616.html

GreetingX,
 Alex

 --- Alan Kong <[EMAIL PROTECTED]> wrote:
> Hi,
> This may not relate to this list. I am looking for the rfc's on http 
> protocol. I know where to find http 1.0 which is rfc1945. But where is 
> http 1.1...
> 
> Sorry for the disturbance.
> 
> Thank you.
> 
> 
> Regards
> Alan
> 



Re: Did it pass?

2001-09-06 Thread Alex Pircher

I've done it too with one IP, BUT this only works with Subdomains
and Wildcard-Certificates!

GreetingX,
 Alex

 --- Are Hoel <[EMAIL PROTECTED]> wrote:
> At 10:28 06.09.2001 +0200, you wrote:
> >That's the chicken and egg problem, you need a different IP
> >for each SSL-based VirtualHost: 
> >http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
> 
> I have actually managed to get this working with only one IP :)
> 
> Here's the settings from my conf file:
> 
> 
> 
> ### SSL servers
> 
>  NameVirtualHost *:443
> 
>  
>  # Put all the host info for the default host in here
>  
> 
>  
>  ServerName  your.server.and.domain
>  # Then just fill in all the server info for that virtual host
>  
> 
>  
>  ServerName  your.other.server.and.domain
>  # Then just fill in all the server info for that virtual host
>  
> 
> 
> 
> I think you have to put the _default_ virtual host in the top to get it 
> working properly...
> 
> 
> ___
>   Are Hoel
>   Mail: [EMAIL PROTECTED]Snail: Grøm Studenthjem, 321
>UIN: 4620387N-4877 Grimstad
>Mob: +47 90724295   Norway
> 



Re: Did it pass?

2001-09-06 Thread Alex Pircher

That's the chicken and egg problem, you need a different IP
for each SSL-based VirtualHost: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

GreetingX,
 Alex

 --- Aage Baardsen <[EMAIL PROTECTED]> wrote:
> I am not sure if my message passed through the mailing list. That's
> why i post it again. Sorry for any inconvenience it may cause.
> 
> I have a problem with hosting more than one SSL based virtualhost. It seems 
> that the first one has precedence, and the rest (living on the same port) 
> don't get reached by the namebased virtualhosting. The log from modssl says 
> it pretty clearly:
> 
> " Init: SSL server IP/port conflict: fqdn:443 (/usr/local/apache-1.3.20/conf/httpd.conf:1066)
> vs. fqdn:443 (/usr/local/apache-1.3.20/conf/httpd.conf:1076)
> [04/Sep/2001 08:39:18 07114] [warn]  Init: You should not use name-based virtual hosts in
> conjunction with SSL!! "
> 
> The apache server hosts two domains which point to the same IP where the
> actual namebased virtualhosting works fine, just not SSL based.
> 
> Referencing to the log from ssl, is there any workaround for this?
> 
> Apache/mod_ssl configuration:
> 
> NameVirtualHost *:443
> 
> 
> DocumentRoot "/dir/ect/ory/htdocs"
> ServerName fqdn
> ServerAdmin user@localhost
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /dir/ect/ory/cert/ssl.crt
> SSLCertificateKeyFile /dir/etct/ory/cert/ssl.key
> 
> SSLOptions +StdEnvVars
> 
> 
> SSLOptions +StdEnvVars
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>  nokeepalive ssl-unclean-shutdown \
>  downgrade-1.0 force-response-1.0
> 
> 
> 
> Details:
> 
> Apache/1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6, Linux 2.2.
> 
> Any tip leading to the solution would be greatly appreciated!
> 
> Have a nice day!
> 
> Best regards, [mvh]
> >> Aage Baardsen, System administrator
>eSolutions Group AS, http://www.eSolutions.no
>Phone: +47 22 01 56 17 | Cellular +47 957 25 817
> 
> 

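Added example (not part of the original posts), serving both "Did it pass?" replies above: the certificate is presented during the SSL handshake, before the server has seen a Host header, so several SSL virtual hosts on one address:port only work when they share a certificate that covers all of their names. The sketch flags such groups in a configuration; the sample configuration, host names and paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: two SSL hosts on *:443 with different certificates,
# and two on one IP that share a wildcard certificate.
SAMPLE_CONF = """\
NameVirtualHost *:443

<VirtualHost *:443>
    ServerName shop.example.test
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl.crt/shop.crt
</VirtualHost>

<VirtualHost *:443>
    ServerName mail.example.test
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl.crt/mail.crt
</VirtualHost>

<VirtualHost 192.0.2.10:443>
    ServerName a.apps.example.test
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl.crt/wildcard-apps.crt
</VirtualHost>

<VirtualHost 192.0.2.10:443>
    ServerName b.apps.example.test
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl.crt/wildcard-apps.crt
</VirtualHost>
"""

OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.IGNORECASE)
DIRECTIVE = re.compile(r"^\s*([A-Za-z]\w*)\s+(.+?)\s*$")

def parse_vhosts(conf_text):
    """Collect addresses, ServerName, SSLEngine state and certificate per <VirtualHost>."""
    vhosts, current = [], None
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            current = {"line": lineno, "addrs": opened.group(1).split(),
                       "name": None, "ssl": False, "cert": None}
        elif CLOSE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is not None:
            directive = DIRECTIVE.match(line)
            if directive:
                key, value = directive.group(1).lower(), directive.group(2).strip('"')
                if key == "servername":
                    current["name"] = value
                elif key == "sslengine":
                    current["ssl"] = value.lower() == "on"
                elif key == "sslcertificatefile":
                    current["cert"] = value
    return vhosts

def find_ssl_conflicts(conf_text):
    """Return (address, server names, kind) for every address with 2+ SSL hosts."""
    by_addr = defaultdict(list)
    for vh in parse_vhosts(conf_text):
        if vh["ssl"]:
            for addr in vh["addrs"]:
                by_addr[addr].append(vh)
    report = []
    for addr in sorted(by_addr):
        group = by_addr[addr]
        if len(group) < 2:
            continue
        certs = {vh["cert"] for vh in group}
        kind = "shared-certificate" if len(certs) == 1 else "different-certificates"
        report.append((addr, [vh["name"] for vh in group], kind))
    return report

if __name__ == "__main__":
    print(find_ssl_conflicts(SAMPLE_CONF))
```

A "different-certificates" group is the conflict mod_ssl warns about in the quoted log; a "shared-certificate" group still needs a manual check that the certificate really covers every listed name.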


Re: Serving HTTP & HTTPS in one VHost-Config?

2001-09-05 Thread Alex Pircher

But this will only work, if you have one VirtualHost!

GreetingX,
 Alex

 --- Charles & Kathryn Brown <[EMAIL PROTECTED]> wrote:
> From the httpd.conf file:
> 
>  ### Section 2: 'Main' server configuration
>  #
>  # The directives in this section set up the values used by the 'main'
>  # server, which responds to any requests that aren't handled by a
>  #  definition.  These values also provide defaults for
>  # any  containers you may define later in the file. 
>  #
> 
> Therefore, the following works;
> 
>  #...snip (a whole lot)
> 
>  DocumentRoot "/apache/htdocs"
> 
>  #...snip (a whole lot)
> 
>  Listen 80
>  
>  
> 
>  Listen 443
>  
>    SSLEngine on
>    SSLCertificateFile    "/apache/conf/ssl.crt/snakeoil-rsa.crt"
>    SSLCertificateKeyFile "/apache/conf/ssl.key/snakeoil-rsa.key"
>  
> 
> --CB
>  




Re: How Can I enable IDEA and RC2 ciphers?

2001-09-04 Thread Alex Pircher

Maybe you've compiled openssl with the 'no-idea'-flag, as I did, because
IDEA is patented in USA, Europe, ...

Greetings,
 Alex

 --- Rajidhar Etta <[EMAIL PROTECTED]> wrote:
> Hi all,
>  We have the following platform ( Oracle HTTP server: part of Oracle iAS 
>  9i)
>  --->Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a
> 
>  And in httpd.conf, I've used the following directive so that only 
>  medium and high encryption is enabled ( 128 bit or more )
> 
>  ---> SSLCipherSuite ALL:!ADH:!EXP:!LOW:!NULL:!eNULL:
> 
>  My problem is, I can't see RC2 and IDEA encryption algorithms in the 
>  list of algorithms in the list when I do
> 
>  $openssl ciphers -v 'ALL:!ADH:!EXP:!LOW:!NULL:!eNULL:'
>  the output is --->
>  $DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
>  EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
>  EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
>  DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
>  RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
>  RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 
>  DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 
>  RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
> 
>  Also, when I use the netcraft's tool ( 
>  http://www.netcraft.com/sslwhats/ ), 
>  It shows that our site only supports RC4-MD5 & DES3-MD5. 
> 
>  I am missing something? 
>  My goal is to enable all the 128+ ciphers to be enabled. 
> 
>  Thanks in advance
>  Rajidhar E
> 
>   

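Added example (not part of the original posts): the check the poster made by eye, done by parsing `openssl ciphers -v` output. The rules mirror the classes named in the posted cipher string (ADH, EXP, LOW, NULL/eNULL, with the 128-bit floor from the post) plus the protocol column; the last four sample lines are constructed in the same format.

```python
import re

# The first eight lines are the `openssl ciphers -v` output quoted in the post
# above (shell prompt character dropped). The last four are constructed lines
# in the same format, added so every check has something to catch.
SAMPLE_OUTPUT = """\
DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
"""

LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)"
    r"(?P<export>\s+export)?$"
)

def parse_ciphers(text):
    """Parse `openssl ciphers -v` output into one dict per cipher suite."""
    suites = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            # Fail loudly: a silently skipped line could hide a weak suite.
            raise ValueError("unrecognised cipher line: %r" % line)
        suite = m.groupdict()
        suite["bits"] = int(suite["bits"]) if suite["bits"] else 0
        suite["export"] = bool(suite["export"])
        suites.append(suite)
    return suites

def problems(suite, min_bits=128):
    """List the reasons one suite falls short of the stated policy."""
    found = []
    if suite["proto"] == "SSLv2":
        found.append("SSLv2")
    if suite["enc"] == "None":
        found.append("no encryption")
    elif suite["bits"] < min_bits:
        found.append("%d-bit key" % suite["bits"])
    if suite["au"] == "None":
        found.append("anonymous key exchange")
    if suite["export"]:
        found.append("export grade")
    return found

def audit(text, min_bits=128):
    """Return (name, protocol, problems) for every suite that fails a check."""
    return [(s["name"], s["proto"], problems(s, min_bits))
            for s in parse_ciphers(text) if problems(s, min_bits)]

if __name__ == "__main__":
    for name, proto, found in audit(SAMPLE_OUTPUT):
        print("%-14s %-6s %s" % (name, proto, ", ".join(found)))
```

On the eight lines from the post, every suite meets the 128-bit floor, but the two SSLv2 entries are still enabled by that cipher string.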


Where to place Configuration-Parts (was: Re: Problem serving to some browsers)

2001-08-31 Thread Alex Pircher

 --- Cliff Woolley <[EMAIL PROTECTED]> wrote:
> On Thu, 30 Aug 2001, James W.Blackwell wrote:
> 
> > I've had several people report problems with the secure side of the
> > site.  Usually it's that images are not being served on secure pages.
> > Sometimes a couple of the images come through but not all (and
> > randomly).  Very rarely they get no response from the server at all.
> >
> > The people having the problem seem to be running IE4/5, one has a
> > CompuServe branded version of IE, and two others are using AOL5.  I
> > could just tell them all to upgrade, but that's not a solution.
> 
> Try adding the following to your config:
> 
> BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \
>   downgrade-1.0 force-response-1.0
> BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

Can this be done in the -Part of the Configuration-File or
has this to be done in each VirtualHost-Part?

Thanks & Greetings,
 Alex





Re: Apache and mod_ssl

2001-08-23 Thread Alex Pircher

We do need 2 Virtual Host-Directives for HTTP & HTTPS (as we talked about this in
this list before). So it's simpler to just use: Redirect / https://%(HTTP_HOST)/

This needs the mod_alias which is compiled in by default.

GreetingX,
 Alex

 --- ___cliff rayman___ <[EMAIL PROTECTED]> wrote:
> if u have compiled in mod_rewrite, i believe the
> code below will do what you want.  i have not tested
> it here however.  check out the following documentation.
> 
> http://httpd.apache.org/docs/mod/mod_rewrite.html
> http://httpd.apache.org/docs/misc/rewriteguide.html
> 
> - snip 
> RewriteEngine on
> RewriteCond  %{HTTPS} !=on
> RewriteRule ^(.+)  https://%{HTTP_HOST}$1 [R,L]
> - snip 
> 
> Janakiraman Mohanaraman wrote:
> 
> > Hi:
> >
> > I am using mod_ssl and openssl in Linux platform for the first time. I was
> > unable to locate documentation regarding the following and am not sure if
> > this is do-able or not.
> >
> > I was trying to setup a directory on my server in such a way that all URL
> > calls to that directory use SSL. Even if the URL entered in the browser is
> > http://..., I would like to change that to https://...:443 automatically.
> > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag
> > for the directory to require SSL to access this directory. However, I was
> > able to access this directory in http. I am using Apache 1.3.20, mod_ssl
> > 2.8.4, openssl-0.9.6b in Linux 7.1 platform.
> >
> > I am looking for resolving 2 issues:
> > a) Apache / mod_ssl Configuration to ensure that calls to a specific
> > directory (say, /usr/apache/test/ssl) always use SSL;
> > b) If user tries to access this directory in using http, automatically
> > change that to https.
> >
> > Can someone shed light on whether this is do-able and if so how?
> >
> 
> --
> ___cliff [EMAIL PROTECTED]http://www.genwax.com/
> 
> 



RE: Re: Importing Self-signed CA into Netscape Browser

2001-08-22 Thread Alex Pircher

Have you created your CA-Certificate with the steps in
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 ?

Then you have the certificate in the right format.
I don't know if it works under Linux/Unix if you call a certificate from a file-URL
(in Windump it doesn't), try to request it via http and the loadcacert.cgi (so that
the correct mime-type is transmitted). After that Netscape brings up a Window to
install the Certificate automatically and no password is required.

Here is the installation process of the cert with pictures (but in German):

Netscape 4: http://www.weisshuhn.de/security/ssl/netscape.html
Netscape 6: http://www.weisshuhn.de/security/ssl/ns6.html

GreetingX,
 Alex

 --- George Walsh <[EMAIL PROTECTED]> wrote:
> Thanks for taking the trouble to respond to my apparent thick-mindedness, Alex!
> 
> I pointed the URL to the actual test file containing the certificate: in this case
> file:///opt/apache/conf/ssl.crt/ca.crt.
> 
> Then, I hit on the security icon and asked to import the certificate. It asks for a
> password (which I left blank) and then the name of the file - indicating an *.p12 extension.
> However, it will only find the file without the extension, of course. This suggests to me that
> some kind of conversion is necessary? If I ask to look for certificates accepted (in any
> category!) nothing shows except the commercial CAs.
> 
> Can you provide me with a further step up?
> Maybe I need to go back and recreate the certificates in encrypted form???
> 
> Thanks, Alex.
> 
> George
> 
> 
> Alex Pircher <[EMAIL PROTECTED]> wrote:
> 
> >Can you provide the URL of loadcacert.cgi?
> >
> >If SSL is enabled the mime-type for certificates is ordinary correctly set in the httpd.conf.
> >So actually you don't need loadcacert.cgi, you just have to point your Browser to the URL of
> >the certificate. This worked for me without problems.
> >
> >GreetingX,
> > Alex
> >
> >> I prepared the CAs using the "make certificate TYPE=custom" option. Both the server and the CA
> >> files look fine to me and are in their proper pews.
> >> There were warnings about security depth being 0, but that is to be expected during the creation
> >> process.
> >> 
> >> In the mod_ssl documentation the instruction asks that I 'fire up' Communicator and use the Perl
> >> script loadcacert.cgi in the pkg.contrib directory to load the CA into the browser.
> >> 
> >> Then I have to 'walk through the dialog boxes'.
> >> 
> >> Well, this is all too simple for me to comprehend. I can execute the script file and it assigns
> >> the x509 type, determines the length and prints out the certificate data, but that doesn't get
> >> into Communicator, so nothing really happens. How do I tie the script output into Communicator
> >> to trigger what should be happening?
> >> 
> >> Or is there a more straightforward way???
> >> 
> >> Thanks,
> >> 
> >> George Walsh,
> >> Managing Director
> >> Travel Seewise Pacific Corp
> >> 
> >> -- 
> >> George Walsh,
> >> Managing Director,
> >> Travel Seewise Pacific Corp
> >> Vancouver Canada




Re: Importing Self-signed CA into Netscape Browser

2001-08-20 Thread Alex Pircher

Can you provide the URL of loadcacert.cgi?

If SSL is enabled the mime-type for certificates is ordinary correctly set in the httpd.conf.
So actually you don't need loadcacert.cgi, you just have to point your Browser to the URL of
the certificate. This worked for me without problems.

GreetingX,
 Alex

> I prepared the CAs using the "make certificate TYPE=custom" option. Both the server and the CA
> files look fine to me and are in their proper pews.
> There were warnings about security depth being 0, but that is to be expected during the creation
> process.
> 
> In the mod_ssl documentation the instruction asks that I 'fire up' Communicator and use the Perl
> script loadcacert.cgi in the pkg.contrib directory to load the CA into the browser.
> 
> Then I have to 'walk through the dialog boxes'.
> 
> Well, this is all too simple for me to comprehend. I can execute the script file and it assigns
> the x509 type, determines the length and prints out the certificate data, but that doesn't get
> into Communicator, so nothing really happens. How do I tie the script output into Communicator
> to trigger what should be happening?
> 
> Or is there a more straightforward way???
> 
> Thanks,
> 
> George Walsh,
> Managing Director
> Travel Seewise Pacific Corp
> 
> -- 
> George Walsh,
> Managing Director,
> Travel Seewise Pacific Corp
> Vancouver Canada
> 
> 
> 



Re: Serving HTTP & HTTPS in one VHost-Config?

2001-08-17 Thread Alex Pircher

> ...
> > All the guy was trying to do
> > was have two VHs running off the same DocumentRoot. Now we all know you
> > can do this with two DocumentRoot directives pointing to the same
> > directory but that violates the Prime Directive (which is: "Never Define
> > Anything Twice"). 
> > 
> As long as we're talking about just setting DocumentRoot to the same in
> two places I really can't see what all the fuss is about - maybe if we
> were talking about more than two, just throw a comment in there as a
> reminder.

Well, I thought it would be easier to manage if I have the same configuration
within one and not within two virtual-host-directives. The Configuration is
rather complex so it would be easier to make necessary changes not in 2
Configurations.

Maybe the following works:


 Include host.conf



 SSLEngine on
 SSLCertificateFile /.../server.crt
 SSLCertificateKeyFile /.../server.key
 Include host.conf



But then I've also 2 Configuration-files ... I think I'll make 2 VHosts with the same
Configuration in it - that's the simplest solution.

THX & GreetingX,
 Alex





Re: Serving HTTP & HTTPS in one VHost-Config?

2001-08-17 Thread Alex Pircher

 --- Thomas Binder <[EMAIL PROTECTED]> wrote:
> Hi!
> 
> On Thu, Aug 16, 2001 at 02:15:09PM +0200, Owen Boyle wrote:
> > > [Both hosts with the same content]
> >
> > The only simple way is with two VHs with the same DocumentRoot - even
> > though it violates the Prime Directive (which is: "Never Define Anything
> > More Than Once").
> > 
> > If anyone can think of a RewriteRule that would do it - post it!
> 
> I'd suggest using a reverse proxy for that, i.e. let the SSL VHost be
> just a reverse proxy for the normal server.

An interesting idea, but this would of course require the additional
module mod_proxy.

GreetingX,
 Alex





Re: Serving HTTP & HTTPS in one VHost-Config?

2001-08-16 Thread Alex Pircher

 --- Mads Toftum <[EMAIL PROTECTED]> wrote:
> On Thu, Aug 16, 2001 at 01:48:33PM +0100, [EMAIL PROTECTED] wrote:
> > One of Ralf's slides from ApacheCon 2000 has a rewrite rule to do this. I've
> > wanted to implement it for some time, but I couldn't figure it out!
> > 
> > http://www.modssl.org/docs/apachecon2000/slide-020-n.html
> 
> What exactly is it that isn't working? - I've made similar hacks without too
> much trouble. 

The VirtualHost-Directive is missing.
Have you set up a VHost that serves HTTPS and HTTP (within one VHost-Configuration)?
If so, could you send me the relevant configuration parts.

THX & GreetingX,
 Alex





Re: Serving HTTP & HTTPS in one VHost-Config?

2001-08-16 Thread Alex Pircher

>--- Owen Boyle <[EMAIL PROTECTED]> wrote:
> 
> > OK. So only "NameVirtualhost 123.123.123.123"
> 
> You'll still get a warning with this. To be absolutely safe, use:
> 
> NameVirtualhost 123.123.123.123:80
> 
> Then you can have as many NBVHs as you like on port 80 and exactly one
> SSL VH on port 443. 

Actually I'm having more than one SSL VH on one IP (Subdomains with Wildcard-Cert),
so I think I'm not allowed to specify the port 80 here.

> > > What's the real problem? Do you want them both to serve the same
> > > content?
> > 
> > Exactly, is this possible?
> 
> The only simple way is with two VHs with the same DocumentRoot - even
> though it violates the Prime Directive (which is: "Never Define Anything
> More Than Once").

Yes, I've done that already.
 
> If anyone can think of a RewriteRule that would do it - post it!

I don't think that a RewriteRule would help here, because the SSL-Engine is
under the Rewrite-Engine - that means SSL comes before Rewrite.
You should think about a new Configuration-Directive:
"HTTPandHTTPS [httpport [httpsport]]" - Serving HTTP & HTTPS in one VHost-Config

I thought that serving HTTP and HTTPS in one VHost-Config is rather general ...

--

> --- Charles Benett <[EMAIL PROTECTED]> wrote:
> ...
> > > What's the real problem? Do you want them both to serve the same
> > > content?
> > 
> > Exactly, is this possible?
> 
> Interesting - why do you want to do that?

I want to offer HTTP for internal and HTTPS for external connections.
As HTTPS is cpu-consuming internal connections should be handled with HTTP.
 
> How about creating two virtual hosts one http one https and then linking
> the directory of one to the other?
> I haven't tried it - but it should work on unix. 

Should work, but defining the same DocumentRoot in the 2 virtual hosts is easier.

I think I'll make now my initial solution. One VHost for HTTP and one for HTTPS ...
Thanks for all the answers,
 Alex





Re: Serving HTTP & HTTPS in one VHost-Config?

2001-08-16 Thread Alex Pircher

> > Is it possible to serve HTTP & HTTPS within one Virtual Host-
> > Configuration?
> > 
> > NameVirtualHost 123.123.123.123:80
> > NameVirtualHost 123.123.123.123:443
> > 
> >  ServerName www.domain.com
> >  SSLEngine on
> >  SSLCertificateFile /.../server.crt
> >  SSLCertificateKeyFile /.../server.key
> >  DocumentRoot /.../
> > 
> > 
> > This won't work, because the SSLEngine is activated for Port 80 and 443.
> 
> Well spotted.
> 
> > Any ideas or have I to use two Virtual Host-Configurations - one for 80
> > and one for 443?
> 
> Use two VirtualHosts and don't do "NameVirtualHost
> 123.123.123.123:443"...

OK. So only "NameVirtualhost 123.123.123.123"
 
> What's the real problem? Do you want them both to serve the same
> content?

Exactly, is this possible?

Thanks & GreetingX,
 Alex





Serving HTTP & HTTPS in one VHost-Config?

2001-08-16 Thread Alex Pircher

Is it possible to serve HTTP & HTTPS within one Virtual Host-
Configuration?

NameVirtualHost 123.123.123.123:80
NameVirtualHost 123.123.123.123:443

 ServerName www.domain.com
 SSLEngine on
 SSLCertificateFile /.../server.crt
 SSLCertificateKeyFile /.../server.key
 DocumentRoot /.../


This won't work, because the SSLEngine is activated for Port 80 and 443.
Any ideas or have I to use two Virtual Host-Configurations - one for 80
and one for 443?

Thanks and Greetings,
 Alex

