[users@httpd] Apache 2 and SSL on server with multiple IPs, SSL won't load...

Hey gang. I've got a problem that's been giving me fits for the past several days and I just can't figure out what's wrong. Here's the situation:

I've got an Apple Xserve, with a standard install of Apache 2.0.55 with mod_ssl. The server has 2 IP addresses assigned to it, let's call them foo.dartmouth.edu and bar.dartmouth.edu. I've also got 2 instances of Apache configured to run, since I believe I need to do IP-based virtual hosting to accomplish what I need: foo is an HTTP server and bar needs to be an HTTP/HTTPS server.

We have a key file and a Dartmouth-signed certificate built for bar.dartmouth.edu and I'm using an ssl.conf file that looks like this:

----------------
#SSL.CONF for bar.dartmouth.edu

Listen 129.170.xxx.yyy:443
SSLEngine on

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/bar.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/bar.key
SSLCACertificatePath /usr/local/apache2/conf/ssl.crt
SSLVerifyClient optional
SSLVerifyDepth  5

SSLPassPhraseDialog  builtin
SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300

AcceptMutex flock
LockFile /usr/local/apache2/logs/httpd.lock
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost 129.170.xxx.yyy:443>
    DocumentRoot "/Library/WebServer/Documents"
    ServerName bar.dartmouth.edu
    ServerAdmin webmaster@xxxxxxxxxxxxx

    ErrorLog /usr/local/apache2/logs/error_log
    TransferLog /usr/local/apache2/logs/access_log
    CustomLog /usr/local/apache2/logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
----------------


When I try to launch Apache with this config file, I get this in my logs/error_log:

[Fri Jan 20 13:09:36 2006] [warn] RSA server certificate CommonName (CN) `bar.dartmouth.edu' does NOT match server name!?
[Fri Jan 20 13:09:36 2006] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)

I think these errors are trying to point me in the right direction, but I just don't know enough about mod_ssl to know what direction that is. Given that the HTTP responder on port 80 works just fine for bar.dartmouth.edu, I can't see how there could be confusion over the CommonName.

Can someone help me decipher this and figure out why I can't get my SSL instance running? Is there something I'm just not setting in my ssl.conf file? Is there more info that I need to post? Things are getting a little desperate for us with this server, so any help I can get would be most appreciated. Thanks.

-Brian
----
Brian V. Hughes
Associate Director for Web Operations (aka. Webmaster)
Computing Technical Services
Dartmouth College

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


