[users@httpd] SSL And Virtual Hosts

I've been using Apache 1.3 for a while now with several name-based virtual hosts (my server has only one IP). Recently, I have begun testing the use of SSL, which is entirely new territory for me. But I seem to be running into a couple problems.

First thing I notice is that my ssl_engine log yells at me and says I should not use name-based virtual hosts with SSL. If this is the case, what would one recommend? What is the "right way" to do it?

During testing of my name-based virtual hosts with SSL, I am using two of my hosted domains. One of them, the main default domain for my site, seems to work, except that in my browser (Firefox) the lock icon is broken, so it seems to not be working from the client side. But no more info is given as to why that is the case.

The second domain I'm testing seems to be encrypting fine between the client and server, but when it issues the self-signed cert it sends the wrong one (the one for the default domain).

Can anyone explain to me what is probably wrong and what the right way to do things would be?


For reference, here is the VirtualHosts section of my mod_ssl.conf file:

NameVirtualHost *:443

<VirtualHost *:443>
  DocumentRoot "/home/www/.www"
  ServerName www.cyber0ne.com
  ServerAlias cyber0ne.com
  DirectoryIndex index.aspx index.asp index.html index.htm index.php
  HostnameLookups On
  ServerAdmin ddonahue@xxxxxxxxxxx
  ErrorLog /var/log/apache/ssl_error_log
  LogLevel warn
  TransferLog /var/log/apache/ssl_access_log
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /etc/apache/ssl.crt/cyber0ne.cert
  SSLCertificateKeyFile /etc/apache/ssl.key/cyber0ne.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  CustomLog /var/log/apache/ssl_access_log combined
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/home/www/.www/webusers/newharvest"
  ServerName www.newharvestchristians.org
  ServerAlias newharvestchristians.org
  DirectoryIndex index.aspx index.asp index.html index.htm index.php
  HostnameLookups On
  ServerAdmin ddonahue@xxxxxxxxxxx
  ErrorLog /var/log/apache/www.newharvestchristians.org-ssl_error_log
  LogLevel warn
  TransferLog /var/log/apache/www.newharvestchristians.org-ssl_access_log
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /etc/apache/ssl.crt/newharvestchristians.cert
  SSLCertificateKeyFile /etc/apache/ssl.key/newharvestchristians.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  CustomLog /var/log/apache/www.newharvestchristians.org-ssl_access_log combined
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/home/www/.www/webusers/newharvest/ftp"
  ServerName ftp.newharvestchristians.org
  DirectoryIndex index.aspx index.asp index.html index.htm index.php
  HostnameLookups On
  ServerAdmin ddonahue@xxxxxxxxxxx
  ErrorLog /var/log/apache/www.newharvestchristians.org-ssl_error_log
  LogLevel warn
  TransferLog /var/log/apache/www.newharvestchristians.org-ssl_access_log
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /etc/apache/ssl.crt/newharvestchristians.cert
  SSLCertificateKeyFile /etc/apache/ssl.key/newharvestchristians.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  CustomLog /var/log/apache/www.newharvestchristians.org-ssl_access_log combined
</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


