> -----Original Message-----
> From: Bill Angus [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 02, 2006 3:25 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Question about setting up secure service
>
> Dear All: sorry for the length of this -- I am an SSL newbie
> and need a bit of install advice.
>
> We have a windows environment, and have installed
> Apache2.0.55 with SSL support plus openSSL. We have one
> dedicated IP address which is currently shared by two
> name-based virtual hosts. I want to set up a secure
> subdirectory of one of these domains, in which I can place my
> e-commerce web-store (and later, possibly some online
> services). My router is assigned to forward the incoming port
> 80 and port 443 to the box with IP 192.168.1.2 which has apache on it.
>
> I bought a certificate from a CA and attempted to set up the
> SSL.conf to give me another virtual server -- but so far no
> joy. I can't seem to get port 443 virtual service
> https://www.psychtest.com to work alongside port 80 service
> http://www.psychtest.com
>
> The instructions from the CA I dealt with were brief, and
> upon following them, the setup didn't work.
You have to define *precisely* what you mean by "no joy", "can't get to work",
"didn't work" and other vagueosities... Did you get browser alerts? Did the
pages load? 404? 401? 500? No connection? What?
It is essential to understand in detail what happens before any attempt can be
made at debugging.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
> A call to their
> customer support indicates that the CA lets me secure a
> specific subdomain, BUT they also want a unique dedicated
> internet ip address before letting me secure a "subdomain"
> with one of their certs.
>
> Is there a different CA or some way I can to secure a
> subdirectory or subdomain without getting another dedicated
> IP address? Can anybody tell me what is the best way to set up for us?
>
> below is my ssl.conf
> ------------------------------------------------
> <IfDefine SSL>
>
> Listen 443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLPassPhraseDialog builtin
>
> SSLSessionCache dbm:logs/ssl_scache
> SSLSessionCacheTimeout 300
>
> SSLMutex file:logs/ssl_mutex
>
> <VirtualHost 192.168.1.2:443>
> #<VirtualHost *:443> (doesn't work)
> #<VirtualHost _default_:443>
>
> DocumentRoot "C:/Homepage/secure"
>
> <Directory "C:/Homepage/secure">
> SSLRequireSSL
> Options Indexes FollowSymLinks
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> # 3 fiels sent to me from the CA
> SSLCertificateFile C:/Homepage/Certs/www.psychtest.com.crt
> SSLCertificateKeyFile C:/Homepage/Certs/MyCertifcate.key
> SSLCertificateChainFile C:/Homepage/Certs/sf_issuing.crt
>
> SSLVerifyDepth 5
>
> <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </FilesMatch>
> <Directory "C:\Program Files\Apache Group\Apache2\cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
>
> </IfDefine>
>
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a
private and personal nature. It is not related to the exchange or business
activities of the SWX Group. Le présent e-mail est un message privé et
personnel, sans rapport avec l'activité boursière du Groupe SWX.
This message is for the named person's use only. It may contain confidential,
proprietary or legally privileged information. No confidentiality or privilege
is waived or lost by any mistransmission. If you receive this message in error,
please notify the sender urgently and then immediately delete the message and
any copies of it from your system. Please also immediately destroy any
hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended
recipient. The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this message are
those of the individual sender, except where the message states otherwise and
the sender is authorised to state them to be the views of the sender's company.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
