Re: [us...@httpd] port 80 + 8080 + SSL (443)
Hello, IP-based or Named-based ? how many NIC with your Server machine ? Ed. KURT PETERS wrote: I would like to set up my server to respond with the same website for incoming requests to both port 80 and 8080, but a different virtual server for 443. I set up something like below, but it seems like overkill. Listen 80 Listen 8080 Listen 443 NameVirtualHost 172.20.30.40:80 NameVirtualHost 172.20.30.40:8080 NameVirtualHost 192.168.1.40:80 NameVirtualHost 192.168.1.40:8080 VirtualHost 172.20.30.40:80 172.20.30.40:8080 192.168.1.40:80 192.168.1.40:8080 ServerName www.example.com http://www.example.com ServerAlias LOCALNAME DocumentRoot /var/www /VirtualHost NameVirtualHost 172.20.30.40:443 NameVirtualHost 192.168.1.40:443 VirtualHost 172.20.30.40:443 192.168.1.40:443 ServerName www.example.com http://www.example.com DocumentRoot /var/secwww /VirtualHost Is there an easier way to do this? Also, is this right? I do get a warning that Apache2 cannot determine the servername, and I'm not sure what to do to get rid of that error. On a similar, but equally important note: I did something like above, but I get a timeout for incoming to https:// when I'm testing it from outside my router. Any hints at what might be going wrong there? Regards, Kurt __ Information from ESET Smart Security, version of virus signature database 3856 (20090216) __ The message was checked by ESET Smart Security. http://www.eset.com
Re: [EMAIL PROTECTED] HTTP Server 2.2.9 - Unable to view the files from IE
Dear Jay, Are you running your web server by using default config file for testing ? Edward. Jay wrote: Hello Linux Version : Red Hat Enterprise Version 5.0 Downloaded HTTP server 2.2.9 source, built installed Started the server using the command apachectl start the server started fine. No errors in logs/error_log Have attached httpd.conf From the IE in my windows box, if I access the URL, http://a.b.c.d get the error message that, Page Not Found From my windows system, am able to ping linux server a.b.c.d Could someone please explain, what to look for and how to solve this problem ? Thanks # # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. # See URL:http://httpd.apache.org/docs/2.2 for detailed information. # In particular, see # URL:http://httpd.apache.org/docs/2.2/mod/directives.html # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with / (or drive:/ for Win32), the # server will use that explicit path. If the filenames do *not* begin # with /, the value of ServerRoot is prepended -- so logs/foo_log # with ServerRoot set to /usr/local/fnmt/apache2 will be interpreted by the # server as /usr/local/fnmt/apache2/logs/foo_log. # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # Do not add a slash at the end of the directory path. If you point # ServerRoot at a non-local disk, be sure to point the LockFile directive # at a local disk. If you wish to share the same ServerRoot for multiple # httpd daemons, you will need to change at least LockFile and PidFile. # ServerRoot /usr/local/fnmt/apache2 # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the VirtualHost # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 Listen 80 # # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here. # # Example: # LoadModule foo_module modules/mod_foo.so # IfModule !mpm_netware_module IfModule !mpm_winnt_module # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # User daemon Group daemon /IfModule /IfModule # 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # VirtualHost definition. These values also provide defaults for # any VirtualHost containers you may define later in the file. # # All of these directives may appear inside VirtualHost containers, # in which case these default settings will be overridden for the # virtual host being defined. # # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. [EMAIL PROTECTED] # ServerAdmin [EMAIL PROTECTED] # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # #ServerName www.example.com:80 # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot /usr/local/fnmt/apache2/htdocs # # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the default to be a very restrictive set of # features. # Directory / Options FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory # # Note that from this point forward you must specifically allow # particular features to be enabled - so if
Re: [EMAIL PROTECTED] HTTP Server 2.2.9 - Unable to view the files from IE
Jay wrote: Hello Edward, Thank you for your reply. Was able to see your reply in the archives but it didn't land in my inbox yet. Subscribed to this list just a moment before posting this question. So, it may take a while for the list to reflect my user id as well. So, this may appear as a new thread. Coming back to the original problem,as it didn't work with the default conf file, I made minor modification as below: Original entry: Directory / Options FollowSymLinks AllowOverride None Order deny,allow Deny from all /Directory Updated as: Directory / Options FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory Thank You. Hello Jay, Would you capture your problem as gif/jpg, then post here for discrib your problem ? OR You may try these ( default of FC6 System ) : Options Indexes Includes FollowSymLinks MultiViews ExecCGI Thanks ! Edward.
[EMAIL PROTECTED] LimitRequestBody config
Dear All, Mne is FC6 System, So, is there the Apache setting as the title ? Thanks ! Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] https and mod_gnutls
Dear All, If your System is Linux FC6, then , are you using your https with mod_gnutls ? So, would you mind to share your installation steps here ? Thank for your help ! Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] http and https
Dear All,
I just modify the config again, but it still problem ( can't open the
web page ) :
NameVirtualHost *:443
VirtualHost *:443
DocumentRoot /home/itawm/html
ServerName webmail.ita.org.mo:443
ErrorLog /var/log/httpd/itawm-ssl-error.log
TransferLog /var/log/httpd/itawm-ssl-access.log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/ssl/ita.server.crt
SSLCertificateKeyFile /etc/httpd/ssl/ita.server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
warning message :
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Any more help ?
Thanks !
Edward.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] https function ( default ) of Linux FC6
Dear All, Just found the https can't be good for work... # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these # directives see URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # LoadModule ssl_module modules/mod_ssl.so # # When we also provide SSL we have to listen to the # the HTTPS port in addition. # Listen 443 NameVirtualHost *:443 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCachedc:UNIX:/var/cache/mod_ssl/distcache SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex default # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # Use SSLCryptoDevice to enable any supported hardware # accelerators. Use openssl engine -v to list supported # engine names. NOTE: If you enable an accelerator and the # server does not start, consult the error logs and ensure # your accelerator is functioning properly. # SSLCryptoDevice builtin #SSLCryptoDevice ubsec ## ## SSL Virtual Host Context ## VirtualHost _default_:443 # General setup for the virtual host, inherited from global configuration #DocumentRoot /var/www/html #ServerName www.example.com:443 # Use separate log files for the SSL virtual host; note that LogLevel # is not inherited from httpd.conf. ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: SSLProtocol all -SSLv2 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. SSLCertificateFile /etc/pki/tls/certs/localhost.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) SSLCertificateKeyFile /etc/pki/tls/private/localhost.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded)
Re: [EMAIL PROTECTED] Help for first time user
Hello Judy, What is your environment ? Edward. Judy Hulsey wrote: I am an Information Technology student and I am taking PHP this semester. I have downloaded and installed Apache and when I test it I get the message It works! But when I try to open a page with Apache I get HTTP 403 (Forbidden) Forbidden You don't have permission to access /PHP_Projects/Chapter.01/Chapter/DessertShop.html on this server. I get this error in my log files: [Sun Sep 23 10:06:45 2007] [error] [client 127.0.0.1] client denied by server configuration: C:/Course Technology/1687-5/Chapter.01/Chapter/DessertShop.html [Sun Sep 23 10:10:09 2007] [error] [client 127.0.0.1] File does not exist: C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/favicon.ico. Please someone help me Shape Yahoo! in your own image. Join our Network Research Panel today! http://us.rd.yahoo.com/evt=48517/*http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
Re: [EMAIL PROTECTED] http and https
Sander Temme wrote: On Sep 21, 2007, at 9:13 AM, [EMAIL PROTECTED] wrote: Sorry, I don't quit understand what your means... I'm sorry to hear that. For the Web Server setting ( http + https ) : Listen 80 NameVirtualHost ip_address NameVirtualHost ip_address:80 Because you're not running name-based virtual hosts on 443. VirtualHost webmail.ita.org.mo VirtualHost ip_address:80 ServerName webmail.ita.org.mo:80 Redirect / https://webmail.ita.org.mo:443 /VirtualHost I see nothing wrong with the configuration of your SSL vhost. etc/rc.d/init.d/httpd restart : Stopping httpd: [ OK ] Starting httpd: [Fri Sep 21 23:57:12 2007] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ] That suggests there is another virtual host that matches port 443, and I hope that the changes above will make that problem go away by limiting the redirecting vhost to port 80. Another possibility: could it be that you have another virtual host on port 443 somewhere in your configuration? Some of those Apaches that come installed on Linux have an orgy of different configuration files that get included here and there, and it's easy to lose track. Would you mind to help ( assist ) to update the config ? See above. You can get an overview of the virtual hosts you have configured by calling httpd -S. See httpd -h for a list of command- line options. S. Hello Sander, Are you using single IP + http + https + VH ( Virtual Host ) ? If so, would you mind to post your config as an sample here for reference ? I may need an sample for the test... Thank for your help ! Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] https can;t be good for work
Dear All,
I can't to enable the https as the following :
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
VirtualHost webmail.ita.org.mo
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] https can;t be good for work
Hello,
Following this guide !
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
Edward.
Serge Dubrouski wrote:
Where did you get you SSL certificate? Look like it's not the right one.
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Dear All,
I can't to enable the https as the following :
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
VirtualHost webmail.ita.org.mo
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] http and https
Dear All, For virtual host config, Is there a sample for convert http to https ? Thanks ! Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] http and https
Hello to you, So, is there a solution about this problem ? Thanks ! Edward. Serge Dubrouski wrote: Be careful. NameVirtualHosts can't be converted to HTTPs. You can't have more than one HTTPS server on the same IP:port. On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Dear All, For virtual host config, Is there a sample for convert http to https ? Thanks ! Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] https can;t be good for work
Hello to you,
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Edward.
Serge Dubrouski wrote:
What is the error message when you try selfsigned cert?
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello to you,
I have ever tried to the self cert, but it is still problem...
BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
Due to http need the 80 port, and https need the 443 port...
Thanks !
Edward.
Serge Dubrouski wrote:
This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
Following this guide !
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
Edward.
Serge Dubrouski wrote:
Where did you get you SSL certificate? Look like it's not the right one.
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Dear All,
I can't to enable the https as the following :
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
VirtualHost webmail.ita.org.mo
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more
info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest:
[EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] https can;t be good for work
Hello to you,
re-post there again:
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Edward.
Serge Dubrouski wrote:
What is the error message when you try selfsigned cert?
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello to you,
I have ever tried to the self cert, but it is still problem...
BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
Due to http need the 80 port, and https need the 443 port...
Thanks !
Edward.
Serge Dubrouski wrote:
This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
Following this guide !
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
Edward.
Serge Dubrouski wrote:
Where did you get you SSL certificate? Look like it's not the right one.
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Dear All,
I can't to enable the https as the following :
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
VirtualHost webmail.ita.org.mo
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more
info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest:
[EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] https can;t be good for work
Hello to you,
I have ever tried to the self cert, but it is still problem...
BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
Due to http need the 80 port, and https need the 443 port...
Thanks !
Edward.
Serge Dubrouski wrote:
This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
Following this guide !
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
Edward.
Serge Dubrouski wrote:
Where did you get you SSL certificate? Look like it's not the right one.
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Dear All,
I can't to enable the https as the following :
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
VirtualHost webmail.ita.org.mo
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more
info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest:
[EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] https can;t be good for work
Sander Temme wrote: On Sep 21, 2007, at 7:50 AM, [EMAIL PROTECTED] wrote: VirtualHost webmail.ita.org.mo Redirect / https://webmail.ita.org.mo:443 /VirtualHost That's fine. VirtualHost webmail.ita.org.mo On what port is this vhost listening? In one your configuration files, you probably have a 'Listen 80'. Not specifying a port number in the VirtualHost directive will (correct me if I'm wrong guys) cause that virtualhost to listen on all configured listening ports. So, you'll need: Listen 80 (you already have that) Listen 443 VirtualHost webmail.ita.org.mo:80 .. Redirect .. /VirtualHost VirtualHost webmail.ita.org.mo:443 .. SSLEngine on .. /VirtualHost The Listen 443 causes Apache to attach to that port, the port numbers in the VirtualHost directives are there to make them match only to requests on that port. S. Hello Sander, So, do you means as the following ? NameVirtualHost ip_address Listen 80 Listen 443 VirtualHost webmail.ita.org.mo:80 Redirect / https://webmail.ita.org.mo:443 /VirtualHost VirtualHost webmail.ita.org.mo:443 Servername webmail.ita.org.mo:443 SSLEngine on .. /VirtualHost Is it right now ? BTW, after setup the ssl files ( self-signed SSL Certificate ), I had enter the full domain_name... BUT the error message : [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] https can;t be good for work
Hello,
I have ever tried to the thing last time...
BUT it is still the error message !
Thanks !
Edward.
Serge Dubrouski wrote:
You still have a CA certificate configured as a Server SSL
certificate. That won't work. Get self signed SSL Server certificate.
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello to you,
re-post there again:
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Edward.
Serge Dubrouski wrote:
What is the error message when you try selfsigned cert?
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello to you,
I have ever tried to the self cert, but it is still problem...
BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
Due to http need the 80 port, and https need the 443 port...
Thanks !
Edward.
Serge Dubrouski wrote:
This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
Following this guide !
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
Edward.
Serge Dubrouski wrote:
Where did you get you SSL certificate? Look like it's not the right one.
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Dear All,
I can't to enable the https as the following :
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
VirtualHost webmail.ita.org.mo
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more
info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest:
[EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] http and https
Hello Sander,
Sorry, I don't quit understand what your means...
For the Web Server setting ( http + https ) :
Listen 80
NameVirtualHost ip_address
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
Listen 443
VirtualHost _default_:443
DocumentRoot ...
ServerName webmail.ita.org.mo:443
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
etc/rc.d/init.d/httpd restart :
Stopping httpd: [ OK ]
Starting httpd: [Fri Sep 21 23:57:12 2007] [warn] _default_ VirtualHost
overlap on port 443, the first has precedence
[ OK ]
Would you mind to help ( assist ) to update the config ?
Thanks !
Edward.
Sander Temme wrote:
On Sep 21, 2007, at 8:49 AM, [EMAIL PROTECTED] wrote:
So, is there a solution about this problem ?
Yes, you get a distinct IP address for every SSL-based virtual host
you want to set up. Then you set up your DNS to resolve the right
hostnames to those respective IP addresses, and install certificates
that have the right hostname as CN field on the right virtual hosts.
That completes the circle.
S.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: https can;t be good for work
James Kosin wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
Dear All,
I can't to enable the https as the following :
VirtualHost webmail.ita.org.mo
Redirect / https://webmail.ita.org.mo:443
/VirtualHost
VirtualHost webmail.ita.org.mo
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
Files ~ \.(cgi|shtml|phtml|php3?)$
SSLOptions +StdEnvVars
/Files
Directory /var/www/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server
come with FC6 System.
Thanks !
Edward.
Edward,
You didn't do anything wrong. You will have to create a certificate
for webmail.ita.org.mo for this to work without the warnings. The
default cert does not handle external connections...
I believe the cets will be in the /etc/httpd/conf directory.
Hello Jame,
After the config and restart the web server...
I found that we can't to connect to http://webmail.ita.org.mo ( include
redirect problem : https ) !
So, would you mind to give me more help ?
Thanks !
Edward.
Re: [EMAIL PROTECTED] http and http3 config ( Virtual Host ) problem
Hello, I have ever tried to update ( modify ) the config BUT it is still the problem of port 80 / 443 ! So, any more help ? Thanks ! Edward. Chirouze Olivier wrote: This will work. But NameVirtualHost directive is useless as it will not work as expected. Just remove NameVirtualHost *:443 Olivier Olivier CHIROUZE I0 Infrastructure Volvo Information Technology -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 26 February 2007 13:05 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] http and http3 config ( Virtual Host ) problem Hello, So... would you mind to give me a sample for both of config ? Edward. Bruno Teixeira wrote: The *:443 vhost shouldn't be a NameVirtualHost, because the SSL handshake doesn't include ServerName information. Check this list's archive for this issue. Take care [EMAIL PROTECTED] wrote: Dear All, For the Virtual Host config of http and https ( apache 2.2.x ) : NameVirtualHost *:80 NameVirtualHost *:443 VirtualHost *:80 ... ServerName www.domain.tld ServerAlias domain.tld *.domain.tld DocumentRoot /www/domain ... /VirtualHost VirtualHost *:443 ... ServerName www.otherdomain.tld DocumentRoot /www/otherdomain ... /VirtualHost Is these right ? Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Single IP address + http + https +Virtual Host
Dear All, Is there an sample config as the title ? Thanks ! Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] rewrite modules with virtual host setting
Dear All, Is there an sample for rewrite modules ( enable ) with virtual host setting ( apache and FC6 ) ? Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] http and http3 config ( Virtual Host ) problem
Hello, So... would you mind to give me a sample for both of config ? Edward. Bruno Teixeira wrote: The *:443 vhost shouldn't be a NameVirtualHost, because the SSL handshake doesn't include ServerName information. Check this list's archive for this issue. Take care [EMAIL PROTECTED] wrote: Dear All, For the Virtual Host config of http and https ( apache 2.2.x ) : NameVirtualHost *:80 NameVirtualHost *:443 VirtualHost *:80 ... ServerName www.domain.tld ServerAlias domain.tld *.domain.tld DocumentRoot /www/domain ... /VirtualHost VirtualHost *:443 ... ServerName www.otherdomain.tld DocumentRoot /www/otherdomain ... /VirtualHost Is these right ? Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] http and http3 config ( Virtual Host ) problem
Dear All, For the Virtual Host config of http and https ( apache 2.2.x ) : NameVirtualHost *:80 NameVirtualHost *:443 VirtualHost *:80 ... ServerName www.domain.tld ServerAlias domain.tld *.domain.tld DocumentRoot /www/domain ... /VirtualHost VirtualHost *:443 ... ServerName www.otherdomain.tld DocumentRoot /www/otherdomain ... /VirtualHost Is these right ? Edward. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] setting up virtual hosting
matt farey wrote: Sam Carleton wrote: On 2/22/07, Boyle Owen [EMAIL PROTECTED] wrote: I am back at it and it simply is NOT working. No matter what I do, I cannot get to the default web site. It is not clear what you mean by default web site. Once you start using VHs, the default web site becomes the *first* VH in the config. So if you hit the server using IP address only (no hostname) you should get the *first* VH. Is this what happens? If not, what site *do* you get? Owen, I get what I consider the secondary site. Which is exactly why I asked the following question: In years past (like five years ago) I had been successful in doing thing, but that was back when there was only one httpd.conf file. This SuSE setup has a ton of files. Is there some way I can make apache tell me what it sees as the configuration? Is there any way for me to get apache to display the config, the way it sees it? I am guessing I have something backwards so that what I want as the default site is getting consumed after the site I want as the secondary. Sam I should add that the setup before assumed you used a router with port forwarding to get requests to your server from the internet, not a modem, and that you have a static public IP of 66.67.68.69, if you dont have a static IP or if your server is bound to the public IP, then just set apache to listen on that IP too using an extra Listen 66.67.68.69:80 statement, and change the VirtualHost 192.168.0.4:80 to VirtualHost *:80 matt - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Hello, I think you may go to http://httpd.apache.org/docs/2.0/vhosts/ for reference... Edward.
[EMAIL PROTECTED] [Fwd: Root CA ( SSL ) of Web Service]
Original Message Subject:Root CA ( SSL ) of Web Service Date: Wed, 21 Feb 2007 18:11:51 +0800 From: [EMAIL PROTECTED] Reply-To: For users of Fedora [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Dear All, For apache 2.x, which command Syntax for Root CA ? SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt Edwad. -- fedora-list mailing list [EMAIL PROTECTED] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: [EMAIL PROTECTED] [Fwd: Root CA ( SSL ) of Web Service]
Hello Bruno, So...what is the CA come from the Web ? SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key Is it a sample of Root CA ? Edward. Bruno Teixeira wrote: Edward, the SSLCertificateChainFile directive should indicate a file with both the root and intermediate certificates. http://certs.ipsca.com/support Take care. Bruno Teixeira [EMAIL PROTECTED] wrote: Original Message Subject: Root CA ( SSL ) of Web Service Date: Wed, 21 Feb 2007 18:11:51 +0800 From: [EMAIL PROTECTED] Reply-To: For users of Fedora [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Dear All, For apache 2.x, which command Syntax for Root CA ? SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt Edwad. -- fedora-list mailing list [EMAIL PROTECTED] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] [Fwd: Root CA ( SSL ) of Web Service]
Hello Bruno, Can we create a self-signed SSL Certificate for testing purposes by using the following ( tools ) ? http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz Edward. Bruno Teixeira wrote: Edward, the SSLCertificateChainFile directive should indicate a file with both the root and intermediate certificates. http://certs.ipsca.com/support Take care. Bruno Teixeira [EMAIL PROTECTED] wrote: Original Message Subject: Root CA ( SSL ) of Web Service Date: Wed, 21 Feb 2007 18:11:51 +0800 From: [EMAIL PROTECTED] Reply-To: For users of Fedora [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Dear All, For apache 2.x, which command Syntax for Root CA ? SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt Edwad. -- fedora-list mailing list [EMAIL PROTECTED] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] [Fwd: Root CA ( SSL ) of Web Service]
Hello, What different between ( self-signed SSL Certificate for testing purposes ) #selfcertand ( create and use my own Certificate Authority ) ? #ownca Edward. Bruno Teixeira wrote: Hi, http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert [EMAIL PROTECTED] wrote: Hello Bruno, Can we create a self-signed SSL Certificate for testing purposes by using the following ( tools ) ? http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz Edward. Bruno Teixeira wrote: Edward, the SSLCertificateChainFile directive should indicate a file with both the root and intermediate certificates. http://certs.ipsca.com/support Take care. Bruno Teixeira [EMAIL PROTECTED] wrote: Original Message Subject: Root CA ( SSL ) of Web Service Date: Wed, 21 Feb 2007 18:11:51 +0800 From: [EMAIL PROTECTED] Reply-To: For users of Fedora [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Dear All, For apache 2.x, which command Syntax for Root CA ? SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt Edwad. -- fedora-list mailing list [EMAIL PROTECTED] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] [Fwd: Root CA ( SSL ) of Web Service]
Hello, So, which type of SSL ( free of charge ) is suitable for us ? Or just use the tools of ssl.ca-0.1.tar.gz for create the key under the Web Service ? Edward. Bruno Teixeira wrote: The second one is to create a separate CA and have it sign your certificate. You will need the SSLCertificateChainFile directive. Just follow the sef-signed howto for tests and later, if you create a certifica at a certified CA, add the SSLCertificateChainFile directive. [EMAIL PROTECTED] wrote: Hello, What different between ( self-signed SSL Certificate for testing purposes ) #selfcertand ( create and use my own Certificate Authority ) ? #ownca Edward. Bruno Teixeira wrote: Hi, http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert [EMAIL PROTECTED] wrote: Hello Bruno, Can we create a self-signed SSL Certificate for testing purposes by using the following ( tools ) ? http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz Edward. Bruno Teixeira wrote: Edward, the SSLCertificateChainFile directive should indicate a file with both the root and intermediate certificates. http://certs.ipsca.com/support Take care. Bruno Teixeira [EMAIL PROTECTED] wrote: Original Message Subject: Root CA ( SSL ) of Web Service Date: Wed, 21 Feb 2007 18:11:51 +0800 From: [EMAIL PROTECTED] Reply-To: For users of Fedora [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Dear All, For apache 2.x, which command Syntax for Root CA ? SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt Edwad. -- fedora-list mailing list [EMAIL PROTECTED] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
