Yes I do have both working. But on the vhost side since the Name is different than the SSL ServerName the certificate is not a valid cert. I believe there is no way around this because the certificate is base on ServerName but thought I'd ask. Keith
----- Original Message ----- From: "Keith L. Stephenson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 22, 2002 10:37 AM Subject: Re: [SL] SSL & vhost receipi, was Re: Securing SQL-Ledger access > Does this allow 1 certificate to work for all the VirtualHost? > Keith > > ----- Original Message ----- > From: "Ho-Sheng Hsiao" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, July 19, 2002 12:42 PM > Subject: [SL] SSL & vhost receipi, was Re: Securing SQL-Ledger access > > > > Roderick, > > > > I do not know if anyone answered your question. > > > > You see, the SSL and vhosting are actually two seperate parts. The > > configration for the SSL portion binds port 443 (https) to the SSL. By > > telling adding the port to the VirtualHost side, Apache automagically > > reroutes the virtual host through the SSL engine. > > > > I am assuming by the way you wrote your message, you have succeeded > > in getting SSL working, and you have working vhost stuff already. You > > are using httpd.conf style and using name-based vhosting, yes? Try > > this > > > > <VirtualHost 10.0.0.128:443> > > Servername www.https-server.com > > ServerAlias https-server.com > > DocumentRoot /home/https-server/public_html/ > > ErrorDocument 404 /missing.html > > CustomLog /home/https-server/log/access_log common > > ErrorLog /home/https-server/log/error_log > > </VirtualHost> > > > > > > The above is if you want to seperate the https portion from the http. > > If you want the https to go to the same exact site as the http > > version, using something like > > > > <VirtualHost 10.0.0.128:*> > > > > Works too. Myself, since I never want to access SQL-ledger from the > > regular port, I have something like > > > > <VirtualHost 10.0.0.128:443> > > Servername ledger.intranet > > ServerAlias ledger > > DocumentRoot /home/backoffice/sql-ledger/ > > ErrorDocument 404 /missing.html > > CustomLog /home/backoffice/log/access_log common > > ErrorLog /home/backoffice/log/error_log > > RewriteEngine On > > RewriteRule ^$ login.pl [L,R] > > RewriteRule ^/index.html$ login.pl [L,R] > > </VirtualHost> > > > > <VirtualHost 10.0.0.128:80> > > Servername ledger.intranet > > ServerAlias ledger > > DocumentRoot /home/backoffice/redirect_html/ > > RewriteEngine On > > RewriteRule ^$ https://ledger.intranet/ [L,R] > > </VirtualHost> > > > > In this case, if someone in the office accidentally typed > > "http://ledger"; then it will automagically redirect to > > "https://ledger";, forcing an SSL session. You could always use a PHP > > script, or even a regular front page giving someone an Authorized > > Users Only notice, and an https link. Flexibility -- fun. > > > > The above also works for IP-based virtual servers. Just change the ip. > > > > <VirtualHost 10.0.0.128:80> > > Servername ledger1 > > </VirtualHost> > > <VirtualHost 10.0.0.129:80> > > Servername ledger2 > > </VirtualHost > > <VirtualHost 10.0.0.128:443> > > Servername secure-ledger1 > > </VirtualHost> > > <VirtualHost 10.0.0.129:443> > > Servername sercure-ledger2 > > </VirtualHost> > > > > Obviously, the above is missing a lot. I only want to highlight what > > you can do with the VirtualHost directive. > > > > The default httpd.conf should come with an example that starts with > > > > <VirtualHost _default_:*> > > > > > > This works for the 1.x series. I havn't played around with the 2.x > > stuff. I think from the above examples, you can get a feel for how > > it's put together. > > > > I should archive this and dump it on my website somewhere. Yeah. > > Qaexl's Server Cookbook. Let me know how I can better communicate all > > of this to you in a clearer way. > > > > Enjoy. > > > > -Qaexl- > > > > > > ------------------------------------------------------- > > This sf.net email is sponsored by:ThinkGeek > > Welcome to geek heaven. > > http://thinkgeek.com/sf > > ------------------------------------------------------- > > (un)subscribe: > http://lists.sourceforge.net/lists/listinfo/sql-ledger-users > > Archive: http://www.mail-archive.com/[email protected]/ > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > ------------------------------------------------------- > (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users > Archive: http://www.mail-archive.com/[email protected]/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------- (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users Archive: http://www.mail-archive.com/[email protected]/
