RE: 2 VirtualHosts with 2 Certificates

[Irving Carrion]

Everyone knows this question will not stop coming... is it possible to
return an error message to the user when restarting apache?  Only a
suggestion  =)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of James Barwick
Sent: Wednesday, January 08, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: 2 VirtualHosts with 2 Certificates

Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED QUESTIONS!!!

Can't do that.  Learn a little more about SSL.  It's IP based, not name 
based.  So, you can only have
one certificate and one firtual host on 92.35.28.17:443.  Sorry...but 
that's the way it goes.

Same question answer number four billion six hundred seventeen million 
two hundred thirty-four thousand nine hunderd twenty-four!

;)

JDB

toxshark wrote:

> i have the apache configured with 2 VirtualHosts on port 443.
>
> both VirtualServers have separately CertificateFiles and 
> CertificateKeyFiles.
>
> but now if i connect to the VirtualHost2, the Host have the 
> Certificate from the VirtualServer1!
>
> both Hosts have now the same Certificate.
>
>  
>
> my httpd.config:
>
>  
>
> ...
>
> NameVirtualHost 92.35.28.17:443
>
>  
>
> 
>
> ServerName domain1.com
>
> ServerAlias www.domain1.com
>
> DocumentRoot "/web1/"
>
> SSLEngine on
>
> SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert
>
> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl1.key
>
> 
>
>  
>
> 
>
> ServerName domain2.com
>
> ServerAlias www.domain2.com
>
> DocumentRoot "/web2/"
>
> SSLEngine on
>
> SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert
>
> SSLCertificateKeyFile /usr/local/etc/apache/key/ssl2.key
>
> 
>
> ...
>
>  
>


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: mod-ssl Virtual Hosts

[Irving Carrion]

Thanks for the reply.

According to the docs the following should work...

   
   ... standard directives such as DocumentRoot, Logfile, ErrorLog here
...
   
   SSLEngine on
   SSLCertificateFile/etc/apache/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/apache/ssl.key/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   
   

Now when I add another one like this 

   
   ... standard directives such as DocumentRoot, Logfile, ErrorLog here
...
   
   SSLEngine on
   SSLCertificateFile/etc/apache/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/apache/ssl.key/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   
   

Only the first domain works and the second does not.

So your saying to use ip based virtual host like this... 

   
   ... standard directives such as DocumentRoot, Logfile, ErrorLog here
...
   
   SSLEngine on
   SSLCertificateFile/etc/apache/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/apache/ssl.key/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   
   


Is this correct?

Thanks!
IRV




-Original Message-
From: [EMAIL PROTECTED]
[mailto:owner-modssl-users@;modssl.org] On Behalf Of Dave Paris
Sent: Friday, November 08, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: mod-ssl Virtual Hosts

a) you could try surfing the archives of this list since an arguable 
10% of the traffic is either this exact question or directly relates to 
it.
b) you could use different ports
c) you could use different IPs.  they're not *that* rare .. and .. it 
could be sanely argued that if you've got content important enough to 
protect using SSL, the cost of "using up" an IP is just part of the 
cost of making that _important_ information accessible.

-dsp


On Friday, Nov 8, 2002, at 18:30 Europe/London, Irving Carrion wrote:

> Hello All!
>
> Just recently I was able to get this mod-ssl library working on
Apache.
> It is working just fine.  Much thanks to the developer team.
>
> Anyway my question is...
>
> Currently I use name-based virtual hosts for all of our websites.
>
> http://domain1.com
> http://domain2.com
>
> We would like to have the ability to get each domain a https address
as
> well like...
>
> https://domain1.com
> https://domain2.com
>
> What would be the best method of tackling this, since mod-ssl doesn't
> support name-based virtual host?
>
> I've thought of using IP Based virtual host, but there isn't enough
> static ip's to go around.  I've also thought of using
> proxypass/proxyreverse to point it to an internal static ip.  Am I on
> target with this?
>
> I would really appreciate any help or suggestions ANYONE can provide.
>
> Thanks!
> IRV
>
>
>
>
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

mod-ssl Virtual Hosts

[Irving Carrion]

Hello All!

Just recently I was able to get this mod-ssl library working on Apache.
It is working just fine.  Much thanks to the developer team.

Anyway my question is...

Currently I use name-based virtual hosts for all of our websites.

http://domain1.com
http://domain2.com

We would like to have the ability to get each domain a https address as
well like...

https://domain1.com
https://domain2.com

What would be the best method of tackling this, since mod-ssl doesn't
support name-based virtual host?

I've thought of using IP Based virtual host, but there isn't enough
static ip's to go around.  I've also thought of using
proxypass/proxyreverse to point it to an internal static ip.  Am I on
target with this?

I would really appreciate any help or suggestions ANYONE can provide.

Thanks!
IRV




__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]