DNS entry - multi IP-based vhosts

2000-10-29 Thread Mignonette Viado

Hi,

I'm trying to have 2 secure sites using IP-based virtual
hosts. However, when I tried to access the sites using say
https://www.site2.com it returns "Cannot find server or DNS
Error". So I tried using https://site2_IP and it works okay.
This is true for both secure sites. I looked at all the logs
but found no errors. So then, what should the DNS entry be?
Below is my httpd.conf. Thanks.

...
Port 80

Listen 80
Listen 443


ServerName site1_IP


UseCanonicalName On
..
HostnameLookups Off



### Section 3: Virtual Hosts





DocumentRoot "/home/httpd/site2"
ServerName www.site3.com
..
SSLCertificateFile /etc/ssl/certs/site2.crt
SSLCertificateKeyFile /etc/ssl/private/site2.key



DocumentRoot "/home/httpd/site2"
ServerName www.site3.com
..
SSLCertificateFile /etc/ssl/certs/site3.crt
SSLCertificateKeyFile /etc/ssl/private/site3.key





Mignonette Viado
BSS/IMMS CDO
Philweb.Com, Inc.
Tel: +6388-233-3683
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: problem to install

2000-10-27 Thread Mignonette Viado

Have you installed OpenSSL?

On Fri, 27 Oct 2000 09:31:10 -0700
 jeremie roux <[EMAIL PROTECTED]> wrote:
> Hi everyone,
> 
> sorry to bother you, I am trying to install mod-ssl /2.7.1 and when
> I configure Apache, I get the following problem:
> "
>  + SSL interface plugin: Vendor DBM (libc)
> /usr/libexec/ld-elf.so.1: /usr/local/bin/openssl: Undefined symbol "SSLeay_add_all_algorithms"
>   + SSL library path: [SYSTEM]
> "
> 
> Does somebody know what I can do for that? Thanx, jeremie
> 
> PS: here is my Apache configure command:
> SSL_BASE=SYSTEM RSA_BASE=/usr/local/lib ./configure
> --enable-module=proxy --enable-module=ssl
> --enable-shared=proxy
> --enable-shared=ssl  --activate-module=src/modules/fastcgi/libfastcgi.a
> --enable-module=rewrite
> 

Mignonette Viado
BSS/IMMS CDO
Philweb.Com, Inc.
Tel: +6388-233-3683



Re: multiple secure IP-based virtual hosts thru https port

2000-10-27 Thread Mignonette Viado

Hi,

I can access the first site thru the usual 443 port but if I
configure site2 to listen to 443 I get an error, like:



but if I change the 2nd vhost to:
 everything is okay. Thus I'll
have something like this:

https://www.site1.com
https://www.site2.com:8000

How can I make it:

https://www.site1.com
https://www.site2.com

I already have "SSLEngine on" in both vhosts.

Thanks,
Meg Viado

On Fri, 27 Oct 2000 09:53:01 +0200
 Owen Boyle <[EMAIL PROTECTED]> wrote:
> Mignonette Viado wrote:
> > I tried to have 2 secure sites
> > however I can only access the second site thru port 8000.
> 
> Try the following:
> 
> - Add "SSLEngine on" in all SSL VHs
> - Add the port number in the <VirtualHost> tags.
> 
> eg.
> 
> 
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> DocumentRoot "/home/httpd/site1"
> ServerName www.site1.com
> SSLEngine on
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> ...
> 
> 
> 
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> DocumentRoot "/home/httpd/site2"
> ServerName www.site2.com
> SSLEngine on
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> .

Mignonette Viado
BSS/IMMS CDO
Philweb.Com, Inc.
Tel: +6388-233-3683



Re: multiple secure IP-based virtual hosts thru https port

2000-10-26 Thread Mignonette Viado

Hello,

Below is my httpd.conf. I tried to have 2 secure sites
however I can only access the second site thru port 8000.
Can't I make the second site listen to the standard https
port too? I tried setting the 2nd site but I get connection
refused by server. Please help.

Mignonette Viado

...
### Section 2: 'Main' server configuration

Port 80

Listen 80
Listen 443
Listen IPSITE2:8000


User nobody
Group nobody

ServerName IPSITE0
.
### Section 3: Virtual Hosts



DocumentRoot "/home/httpd/site1"
ServerName www.site1.com
.
SSLCertificateFile /etc/ssl/certs/SITE1.crt
SSLCertificateKeyFile /etc/ssl/private/SITE1.key
SSLCACertificatePath /etc/ssl/certs
...



DocumentRoot "/home/httpd/site2"
ServerName www.site2.com
..
SSLCertificateFile /etc/ssl/certs/site2.crt
SSLCertificateKeyFile /etc/ssl/private/site2.key
SSLCACertificatePath /etc/ssl/certs
.








On Tue, 24 Oct 2000 06:38:49 -0700 (PDT)
 Merton Campbell Crockett <[EMAIL PROTECTED]> wrote:
> 
> 
> On Mon, 23 Oct 2000, Panon, Paul-Andre wrote:
> 
> > Hello,
> > 
> > I am trying to use multiple name-based virtual hosts with mod_ssl. The
> > system is running Mandrake 7.1 with mod_ssl-2.6.4. The virtual hosts
> > definitions work fine with one gotcha, the first certificate/private key pair
> > is being used for both virtual hosts.
> 
>   . . .
> 
> > If I try to establish a secure connection to either site1 or site2, then I
> > get the appropriate pages and access for that site based on the document
> > root and the location/directory specific directives. However when I connect
> > to site2, I get a browser error stemming from a name mismatch between the
> > site name and the site certificate. When I check the detailed information
> > for the server certificate, it's showing me the information for the
> > certificate of site1, even though I retrieve the pages for site 2. Can't
> > mod_ssl handle separate certificates for each vhost? If not, then why are
> > the SSLCertificate(Key)File directives used in <VirtualHost> instead of
> > being global?
> 
> 
> Both mod_ssl and its predecessor ssleay can support separate certificates
> for each virtual host.  The catch is that each virtual host must have a
> unique IP address as the entire TCP packet payload is encrypted.
> 
> Were you to use tcpdump or a packet sniffer to look at the network traffic,
> you would be able to view the IP and TCP headers along with the HTTP header
> that is embedded in the TCP packet payload for each virtual host for all
> traffic to or from port 80.
> 
> Once the SSL negotiation is completed, you will discover that you can still
> view the IP and TCP headers but can no longer view the HTTP header that is
> embedded in the TCP packet payload as the entire payload is encrypted.  The
> only clue that you have to decipher the TCP packet payload is the source and
> destination IP addresses and port carried in the packet's IP and TCP
> headers.
> 
> Even on a small site, it would be time consuming to cycle through all of
> your keys to decipher the message digest to discover if it contains the key
> needed to decipher the remainder of the payload correctly.  How do you
> define correct?  Pass Apache the packet for each key pair that you used to
> find which one produced reasonable results?
> 
> The only way to remove ambiguity is to use a unique IP address for each
> virtual host that is using SSL to protect the data that is being
> transmitted.
> 
> This is a gross oversimplification of the process but should give you an
> idea why each virtual host that uses SSL to protect data needs a unique IP
> address and why you see the error that you report.
> 
> Merton Campbell Crockett

Mignonette Viado
BSS/IMMS CDO
Philweb.Com, Inc.
Tel: +6388-233-3683
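
The constraint discussed in this thread, as an added example that is not part of the original posts or of mod_ssl: without SNI the server picks the certificate by IP address and port before it can read the Host header, so each SSL vhost needs its own IP:port and a DNS A record pointing at that IP. The Python linter below checks a config for this; the config text, the 192.0.2.x addresses, the `.example` names and the DNS table are constructed, and `parse_vhosts` and `lint_ssl_vhosts` are hypothetical helper names.

```python
import re

# Constructed sample: 192.0.2.x addresses and *.example names are placeholders.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
ServerName www.site1.example
SSLEngine on
SSLCertificateFile /etc/ssl/certs/site1.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName www.site2.example
SSLEngine on
SSLCertificateFile /etc/ssl/certs/site2.crt
</VirtualHost>
<VirtualHost 192.0.2.30:443>
ServerName www.site3.example
SSLCertificateFile /etc/ssl/certs/site3.crt
</VirtualHost>
"""
# Constructed DNS view (hostname -> A record); www.site3.example has no record.
SAMPLE_DNS = {"www.site1.example": "192.0.2.10", "www.site2.example": "192.0.2.20"}

def parse_vhosts(conf):
    """Return one dict of directives per <VirtualHost addr:port> block."""
    blocks = re.findall(r"<VirtualHost\s+([^\s:>]+):(\d+)>(.*?)</VirtualHost>",
                        conf, re.S | re.I)
    return [{"addr": a, "port": p,
             **dict(re.findall(r"^[ \t]*(\w+)[ \t]+(.+?)[ \t]*$", body, re.M))}
            for a, p, body in blocks]

def lint_ssl_vhosts(conf, dns):
    """Flag the SSL vhost problems raised in the thread."""
    findings, owner = [], {}
    for vh in parse_vhosts(conf):
        if "SSLCertificateFile" not in vh:
            continue  # not an SSL vhost
        name, sock = vh.get("ServerName", "?"), f"{vh['addr']}:{vh['port']}"
        if vh.get("SSLEngine", "").lower() != "on":
            findings.append(f"{name}: SSLEngine is not on")
        if sock in owner:  # certificate is picked per IP:port, before Host is readable
            findings.append(f"{name}: shares {sock} with {owner[sock]}, "
                            f"so clients are shown the certificate of {owner[sock]}")
        owner.setdefault(sock, name)
        if dns.get(name) != vh["addr"]:
            findings.append(f"{name}: A record is {dns.get(name)}, vhost address is {vh['addr']}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_ssl_vhosts(SAMPLE_CONF, SAMPLE_DNS)))
```
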