[users@httpd] Virt Host not Working under SSL

Hi,

I am running Apache 2. I am quite familiar with 1 and 2, but I am having an
odd problem with the Virtual Hosts on my Apache 2 server. All of the domains
run off of a single domain.

Here is what is baffling me. I have 3 virt host records in ssl.conf. When
accessing any of the domains through http, they all display fine. One of the
3 domains has always had a cert, and it worked. However, the other two
recently needed SSL as well. 

I am using basically an unedited version of ssl.conf, aside from the
modifications of the virtual host directives.

The odd part is, when I access the domains with https://, it pulls the
proper file, so it is using the correct doc root for each directive, however,
it throws an SSL cert warning that the cert name doesn't match the domain
name. Upon viewing it, it is saying the name is the cert from the first SSL
virt host directive. This is quite reminiscent of when a domain not configured
properly in apache will default to the first entry that uses the same IP the
FQDN is assigned to.

So what is so baffling to me is when accessing the domain via https:// it
does pull up the proper website, but Apache looks like it is defaulting to
the key/crt pair of the first entry.

I've viewed each key/cert to make sure somehow an exact copy hadn't
overwritten another. They are all unique.

Please let me know what the problem is here. I have never experienced this
under Apache 1.3.

Below is the ssl.conf (I've only edited the file names and IP ever so
slightly. I 100% assure you there were no typos that would concern us as to
what the real file names were). The certs are from freessl.com's RapidSSL.
I have mentioned 3 domains, but I scrapped the directive for the third one
until I can get it working with just 2.

ssl.conf -------------------------------------
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

<IfDefine SSL>

#
# When we also provide SSL we have to listen to the 
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:/usr/local/httpd/logs/ssl_scache(512000)
#SSLSessionCache        shmcb:/usr/local/httpd/logs/ssl_scache(512000)
SSLSessionCache         dbm:/usr/local/httpd/logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  file:/usr/local/httpd/logs/ssl_mutex

##
## SSL Virtual Host Context
##
NameVirtualHost 67.15.107.000:443
<VirtualHost 67.15.107.000:443>
DocumentRoot "/www/cftb.com"
ServerName www.cftb.com:443
ServerAdmin admin@xxxxxxxx
ErrorLog /usr/local/httpd/logs/error_log
TransferLog /usr/local/httpd/logs/access_log
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/httpd/conf/ssl.crt/cftb.com.crt
SSLCertificateKeyFile /usr/local/httpd/conf/ssl.key/cftb.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/httpd/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>                                  
<VirtualHost 67.15.107.000:443>
DocumentRoot "/www/50b.com"
ServerName www.50b.com:443
ServerAdmin admin@xxxxxxx
ErrorLog /usr/local/httpd/logs/error_log
TransferLog /usr/local/httpd/logs/access_log
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/httpd/conf/ssl.crt/50b.com.crt
SSLCertificateKeyFile /usr/local/httpd/conf/ssl.key/50b.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0  
CustomLog /usr/local/httpd/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
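
A check for the layout shown in the ssl.conf above, as an added example (not from the original post or the Apache project): it flags SSL virtual hosts that share one address:port but configure different certificates. The TLS handshake completes before the Host header is read, so without SNI the server presents the certificate of the first matching vhost. The sample config, hostnames and the 192.0.2.10 address are constructed placeholders.

```python
import re

# Constructed sample modelled on the post's layout: two SSL vhosts on one address.
# Hostnames, address and certificate paths are placeholders, not the poster's values.
SAMPLE_CONF = """\
NameVirtualHost 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
ServerName www.site-a.example:443
SSLEngine On
SSLCertificateFile /usr/local/httpd/conf/ssl.crt/site-a.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName www.site-b.example:443
SSLEngine On
SSLCertificateFile /usr/local/httpd/conf/ssl.crt/site-b.crt
</VirtualHost>
"""

BLOCK = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Value of the last uncommented occurrence of a directive in a vhost body, or None."""
    found = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", body, re.I | re.M)
    return found[-1] if found else None

def ssl_vhosts(conf_text):
    out = []  # SSL-enabled vhosts in file order, which is Apache's matching order
    for addr, body in BLOCK.findall(conf_text):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            out.append({"addr": addr.strip(),
                        "name": directive(body, "ServerName"),
                        "cert": directive(body, "SSLCertificateFile")})
    return out

def shadowed_certs(conf_text):
    """For each address:port with several SSL vhosts, list the vhosts whose
    certificate differs from the first one defined (the one served without SNI)."""
    first, findings = {}, []
    for vh in ssl_vhosts(conf_text):
        default = first.setdefault(vh["addr"], vh)
        if vh is not default and vh["cert"] != default["cert"]:
            findings.append((vh["addr"], vh["name"], vh["cert"], default["cert"]))
    return findings

if __name__ == "__main__":
    for addr, name, own, served in shadowed_certs(SAMPLE_CONF):
        print(f"{addr}: {name} configures {own} but non-SNI clients receive {served}")
```

A finding here means each affected hostname needs its own IP address or port, a single certificate covering all the names, or an SNI-capable server and client.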


