Date: Tue, 22 Oct 2013 08:26:57 -0400
From: d...@bellsouth.net
To: users@httpd.apache.org
Subject: [users@httpd] Virtual Hosts and SSL Puzzler
I have 3 virtual hosts that for all I can see are configured identically
other the the obviously needed differences. The same is true of the 3
:00 AM, Tushar Chavan
tushar.cha...@hotmail.comwrote:
Date: Tue, 22 Oct 2013 08:26:57 -0400
From: d...@bellsouth.net
To: users@httpd.apache.org
Subject: [users@httpd] Virtual Hosts and SSL Puzzler
I have 3 virtual hosts that for all I can see are configured identically
other
I have 3 virtual hosts that for all I can see are configured identically
other the the obviously needed differences. The same is true of the 3
crt files.
VirtualHost *:443
ServerName public.mydomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile
Sorry, brevity is not my strong point.
Because I do not know what your certs look like as far as what domain(s) are
considered CNs I'm going to guess it has something to do with the following...
SSL wraps http and you need a cert to decrypt the data sent via SSL. If you
have 3 virtual
On Tue, Oct 22, 2013 at 08:26:57AM -0400, Dennis Putnam wrote:
I get a gray globe indicating
partial encryption which does not prevent eavesdropping. I have no clue
how to debug this or even where to look. Can someone point me in the
right direction? Thanks.
This is usually indicative of a
On 10/22/2013 9:10 AM, Chris Gordon wrote:
Sorry, brevity is not my strong point.
Because I do not know what your certs look like as far as what
domain(s) are considered CNs I'm going to guess it has something to do
with the following...
SSL wraps http and you need a cert to decrypt
On Tue, Oct 22, 2013 at 9:10 AM, Chris Gordon cgor...@aires.com wrote:
SSL wraps http and you need a cert to decrypt the data sent via SSL. If
you have 3 virtual hosts and you are using Name Based Virtual Hosting how
does the Apache web server know which cert to use to decrypt and read the
On 10/22/2013 9:12 AM, Pete Houston wrote:
On Tue, Oct 22, 2013 at 08:26:57AM -0400, Dennis Putnam wrote:
I get a gray globe indicating
partial encryption which does not prevent eavesdropping. I have no clue
how to debug this or even where to look. Can someone point me in the
right direction?
On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam d...@bellsouth.net wrote:
Thanks. That might make more sense (at least to me). After more reading,
I am not sure that I don't have SNI capable version of httpd already
installed (how do I tell?). The pages that work are very simple but the
one
On 10/22/2013 9:44 AM, Yehuda Katz wrote:
On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam d...@bellsouth.net
mailto:d...@bellsouth.net wrote:
Thanks. That might make more sense (at least to me). After more
reading,
I am not sure that I don't have SNI capable version of httpd
If the sites you are referencing allow you to access them over https, that
will solve the problem.
My prefered solution is to omit the http: altogether. If a url just starts
with //example.com/rest/of/url, the browser will use the appropriate
protocol automatically.
- Y
On Tue, Oct 22, 2013 at
I think the previous poster, I shift deleted the mail but I think it is a
prominent poster here 'Pete Houston' who had a very good point. It could just
be that you have mixed content. You can use a development mode of a browser to
find any links to http content, that will certainly break the
On Tue, Oct 22, 2013 at 10:08 AM, Chris Gordon cgor...@aires.com wrote:
To answer your questions:
*Doesn't the SSLCertificate parameter for each VH say which cert to use*?
Yes, but how does Apache know which VH to get the cert from until it has
used a cert to decrypt the SSL? It just used
On 10/22/2013 10:03 AM, Yehuda Katz wrote:
If the sites you are referencing allow you to access them over https,
that will solve the problem.
My prefered solution is to omit the http: altogether. If a url just
starts with //example.com/rest/of/url
http://example.com/rest/of/url, the browser
Thank you for the enlightenment Yehuda!
I must not be meeting one of the SNI prerequisites (maybe LD_LIBRARY_PATH,
maybe TLS Extensions) because I get a warning message on startup about using
*port and Name Based Hosting with SSL. I have a secure workaround so as long
as it works and
15 matches
Mail list logo