[users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Dennis Putnam
I have 3 virtual hosts that for all I can see are configured identically other than the obviously needed differences. The same is true of the 3 crt files. ServerName public.mydomain.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/httpd/SSL/public

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Chris Gordon
Sorry, brevity is not my strong point. Because I do not know what your certs look like as far as what domain(s) are considered CNs I'm going to guess it has something to do with the following... SSL wraps http and you need a cert to decrypt the data sent via SSL. If you have 3 virtual host

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Pete Houston
On Tue, Oct 22, 2013 at 08:26:57AM -0400, Dennis Putnam wrote: > I get a gray globe indicating > partial encryption which does not prevent eavesdropping. I have no clue > how to debug this or even where to look. Can someone point me in the > right direction? Thanks. This is usually indicative of a

[users@httpd] Interactive PDF Pages

2013-10-22 Thread Carmel
This is probably a dumb question; however, I am in the process of setting up a web site for our town. They want the site to support the use of interactive PDF forms. I think I am explaining that correctly. Those PDF files are created using Adobe Acrobat and allow a user to click on a field in the

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Dennis Putnam
On 10/22/2013 9:10 AM, Chris Gordon wrote: > Sorry, brevity is not my strong point. > > Because I do not know what your certs look like as far as what > domain(s) are considered CNs I'm going to guess it has something to do > with the following... > > SSL wraps http and you need a cert to decr

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Yehuda Katz
On Tue, Oct 22, 2013 at 9:10 AM, Chris Gordon wrote: > SSL wraps http and you need a cert to decrypt the data sent via SSL. If > you have 3 virtual hosts and you are using Name Based Virtual Hosting how > does the Apache web server know which cert to use to decrypt and read the > header so it c

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Dennis Putnam
On 10/22/2013 9:12 AM, Pete Houston wrote: > On Tue, Oct 22, 2013 at 08:26:57AM -0400, Dennis Putnam wrote: >> I get a gray globe indicating >> partial encryption which does not prevent eavesdropping. I have no clue >> how to debug this or even where to look. Can someone point me in the >> right di

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Yehuda Katz
On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam wrote: > Thanks. That might make more sense (at least to me). After more reading, > I am not sure that I don't have SNI capable version of httpd already > installed (how do I tell?). The pages that work are very simple but the > one that doesn't is

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Dennis Putnam
On 10/22/2013 9:44 AM, Yehuda Katz wrote: > On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam > wrote: > > Thanks. That might make more sense (at least to me). After more > reading, > I am not sure that I don't have SNI capable version of httpd already > ins

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Yehuda Katz
If the sites you are referencing allow you to access them over https, that will solve the problem. My preferred solution is to omit the http: altogether. If a url just starts with "//example.com/rest/of/url", the browser will use the appropriate protocol automatically. - Y On Tue, Oct 22, 2013 at

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Chris Gordon
I think the previous poster, I shift deleted the mail but I think it is a prominent poster here 'Pete Houston' who had a very good point. It could just be that you have mixed content. You can use a development mode of a browser to find any links to http content, that will certainly break the p
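The "partial encryption" indicator in the thread is the browser's mixed-content warning: an https page that pulls a script, stylesheet, image or frame over plain http. The browser's developer tools show this per page; the script below, added here as an illustration and not code from the list or from httpd, does the same offline for a saved page. It uses only the Python standard library. The tag lists and the embedded sample page are constructed for the example; `SAMPLE_HTML` does not come from the original poster's site.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose value the browser fetches or posts to (constructed list, not exhaustive).
URL_ATTRS = {"src", "href", "action", "data", "poster"}

# "Active" mixed content (script, frames, stylesheets, plugins, form targets) lets an
# on-path attacker run code in, or steal data from, the https page; browsers block it.
# "Passive" mixed content (images, media) only degrades the indicator, but still leaks
# the request and lets the attacker swap the content. <link> is treated as active
# conservatively (stylesheets are, favicons are not).
ACTIVE_TAGS = {"script", "iframe", "frame", "link", "object", "embed", "form"}
PASSIVE_TAGS = {"img", "audio", "video", "source", "track"}

# A plain navigation link (<a href>, <area href>) is not mixed content: nothing is
# loaded into the https page until the user clicks it.
NAVIGATION = {("a", "href"), ("area", "href")}


class RefCollector(HTMLParser):
    """Collect (tag, attribute, url) for every URL-bearing attribute in document order."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name.lower() in URL_ATTRS:
                self.refs.append((tag.lower(), name.lower(), value.strip()))


def is_insecure(url):
    """True only for an explicit http: scheme. Relative URLs and protocol-relative
    URLs (//host/path, the fix suggested in the thread) inherit https from the page;
    mailto:, javascript:, data: and friends are not network fetches."""
    return urlsplit(url).scheme.lower() == "http"


def find_mixed_content(html):
    """Return [(kind, tag, attr, url)] for each http: subresource, kind in {active, passive}."""
    parser = RefCollector()
    parser.feed(html)
    findings = []
    for tag, attr, url in parser.refs:
        if (tag, attr) in NAVIGATION or not is_insecure(url):
            continue
        if tag in ACTIVE_TAGS:
            kind = "active"
        elif tag in PASSIVE_TAGS:
            kind = "passive"
        else:
            kind = "active"  # unknown loader: assume the worse case
        findings.append((kind, tag, attr, url))
    return findings


# Constructed sample page: four problems, three things that are fine.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="//cdn.example.com/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
</head><body>
<img src="http://images.example.com/logo.png">
<img src="/local/pic.png">
<a href="http://other.example.com/">a navigation link is not mixed content</a>
<iframe src="http://widgets.example.com/embed"></iframe>
<form action="http://forms.example.com/submit"><input type="submit"></form>
</body></html>
"""

if __name__ == "__main__":
    import sys
    html = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HTML
    for kind, tag, attr, url in find_mixed_content(html):
        print(f"{kind:8} <{tag} {attr}=...> {url}")
```

Run it against a page saved from the https vhost (`python3 mixed.py page.html`); with no argument it scans the built-in sample and reports the stylesheet, image, iframe and form target. Note that the scan only sees what is in the static HTML; URLs assembled by scripts at runtime still need the browser's developer console.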

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Yehuda Katz
On Tue, Oct 22, 2013 at 10:08 AM, Chris Gordon wrote: > To answer your questions: > *"Doesn't the SSLCertificate parameter for each VH say which cert to use*? > > > Yes, but how does Apache know which VH to get the cert from until it has > used a cert to decrypt the SSL? It just used the first
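The question in this thread, "how does Apache know which vhost's cert to use before it has decrypted anything" and "how do I tell whether my httpd is SNI capable", can be answered from the client side without reading the build flags: connect to the same address and port with no SNI name, then with each ServerName, and compare the certificate fingerprints. Without SNI, mod_ssl can only hand out the certificate of the first SSL vhost bound to that address:port; if the fingerprint changes with the name, SNI is being honoured (mod_ssl supports it from httpd 2.2.12 when linked against OpenSSL 0.9.8f or later built with TLS extensions). The script below is an added example, not code from the list or from httpd; host, port and the names on the command line are whatever the reader's setup uses.

```python
import hashlib
import socket
import ssl


def fetch_leaf_cert(host, port=443, servername=None, timeout=5):
    """Complete a TLS handshake and return the server's leaf certificate in DER form.
    servername=None sends no SNI extension, which is what a pre-SNI client (or one
    connecting by IP address) looks like to httpd."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # we are identifying the cert, not trusting it
    ctx.verify_mode = ssl.CERT_NONE   # self-signed test certs must not abort the probe
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=servername) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint in the colon-separated form `openssl x509 -fingerprint -sha256` prints."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())


def probe_sni(host, port, names):
    """Map None -> fingerprint served with no SNI, and each name -> fingerprint served for it."""
    results = {None: fingerprint(fetch_leaf_cert(host, port))}
    for name in names:
        results[name] = fingerprint(fetch_leaf_cert(host, port, servername=name))
    return results


def sni_selects_certs(results):
    """True if at least one name received a different certificate from the no-SNI
    default, i.e. the server picks a vhost by SNI instead of always answering with
    the first SSL vhost on that address:port."""
    default = results[None]
    return any(fp != default for name, fp in results.items() if name is not None)


if __name__ == "__main__":
    import sys
    # e.g.: python3 sniprobe.py 203.0.113.10 443 public.mydomain.com other.mydomain.com
    host, port, *names = sys.argv[1:]
    results = probe_sni(host, int(port), names)
    for name, fp in results.items():
        print(f"{name or '(no SNI)':32} {fp}")
    if sni_selects_certs(results):
        print("SNI honoured: certificate depends on the name sent")
    else:
        print("same certificate for every name: no SNI support, or only one SSL vhost on this port")
```

The same check by hand is `openssl s_client -connect HOST:443 -servername public.mydomain.com` against `openssl s_client -connect HOST:443` with no `-servername`, comparing the `subject=` lines. Clients that never send SNI (old browsers, and anything connecting by IP) will always get the first vhost's certificate, which is why that vhost should carry the certificate you least mind being shown by default.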

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Dennis Putnam
On 10/22/2013 10:03 AM, Yehuda Katz wrote: > If the sites you are referencing allow you to access them over https, > that will solve the problem. > My prefered solution is to omit the http: altogether. If a url just > starts with "//example.com/rest/of/url > ", the b

Re: [users@httpd] Virtual Hosts and SSL Puzzler

2013-10-22 Thread Chris Gordon
Thank you for the enlightenment Yehuda! I must not be meeting one of the SNI prerequisites (maybe LD_LIBRARY_PATH, maybe TLS Extensions) because I get a warning message on startup about using * and Name Based Hosting with SSL. I have a secure workaround so as long as it works and security is

[users@httpd] wrong certs

2013-10-22 Thread Matthew Bachmann
I have two virtual hosts on different ports that specify different certificate files, but use the same ServerName, and both ports use the same certificate. Is this expected behavior? With this config: Listen *:424 https ServerName A SSLCertificateFile 1.crt Listen *:444 https ServerName A SSLCertificateF

Re: [users@httpd] wrong certs

2013-10-22 Thread Jan Vávra
Hello. For sure, have you not forgotten specifying option SSLCertificateKeyFile? What is the url you are using? If you use https://localhost:424 instead of https://a:424, you can get weird results. I can also try it, if your problem persists. My last several years have been full of creating and u

Re: [users@httpd] wrong certs

2013-10-22 Thread Matthew Bachmann
The certificates are specified in port based virtual hosts, there is no NameVirtualHost here. So I would expect the specified certificate to be served on the corresponding port no matter what host header was passed. On Tue, Oct 22, 2013 at 4:50 PM, Jan Vávra wrote: > Hello. > For sure have yo