Boyle Owen wrote: >> -----Original Message----- >> From: J. Bakshi [mailto:joyd...@infoservices.in] >> Sent: Tuesday, December 01, 2009 10:53 AM >> To: users@httpd.apache.org >> Subject: Re: [us...@httpd] how to get multiple SSL with name >> based vhost ? >> >> ... >> >> Thank for your response. your assumption is correct. I am >> working in an >> environment where the domain name is same. Hence I am using the same >> certificate. But the problem is with port. apache >> complaining if it see >> more name based vhost with port 443. I was using the config as below >> > > I think you are just getting a *warning* - if you test the sites it should > "work"... > > That is to say, you will get an SSL session with the cert from VH1 then if > you request site1 all will be OK (no browser warnings sice site1 matches > cert1). If you request site2, you will get a browser warning since site2 > doesn't match cert1, but otherwise the request should succeed (since the SSL > session is up by this time, apache can decrypt the request, get the Host > header and so go to the appropriate VH). > > If this is not happening, post back with a description of what *is* > happening... >
Hello Boyle, Thanks for your kind response. I have just activated my second SSL connection to generate the logs. Here it is ` ` ` [Tue Dec 01 11:38:31 2009] [warn] Init: SSL server IP/port conflict: www.example1.de:443 (/etc/apache2/vhosts.d/blevti.opendingo.de.conf:34) vs. example2.in:443 (/etc/apache2/vhosts.d/phpmyadmin.conf:5) [Tue Dec 01 11:38:31 2009] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!! ` ` ` What happen now, the second vhost SSL does not complain but it goes to the first vhost SSL and " apache2ctl -S" displays the first one as the default one. ` ` ` > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > >> ` ` ` ` >> Listen 443 >> NameVirtualHost example1.de:443 >> >> <VirtualHost example1:443> >> SSLEngine on >> SSLCipherSuite HIGH:MEDIUM >> SSLProtocol all -SSLv2 >> SSLCertificateFile /etc/apache2/myca/mars-server.crt >> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key >> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt >> ServerName https://example1.de >> ServerAlias https://example1.de >> >> DocumentRoot /srv/www/htdocs/blevti.opendingo.de >> DirectoryIndex index.php >> </VirtualHost> >> >> >> NameVirtualHost example2.de:443 >> <VirtualHost example2:443> >> SSLEngine on >> SSLCipherSuite HIGH:MEDIUM >> SSLProtocol all -SSLv2 >> SSLCertificateFile /etc/apache2/myca/mars-server.crt >> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key >> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt >> ServerName https://example2.de >> ServerAlias https://example2.de >> >> DocumentRoot /srv/www/htdocs/example2.de >> DirectoryIndex index.php >> </VirtualHost> >> ` ` ` ` >> >> but no luck >> >> -- >> জয়দীপ বক্সী >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP >> Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> >> > > This message is for the named person's use only. It may contain confidential, > proprietary or legally privileged information. If you receive this message in > error, please notify the sender urgently and then immediately delete the > message and any copies of it from your system. Please also immediately > destroy any hardcopies of the message. > The sender's company reserves the right to monitor all e-mail communications > through their networks. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > > -- জয়দীপ বক্সী --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
