Does anyone else think that this is wrong?
SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
>> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
It looks like you're telling it that the Certificate Authority is the
same file as the Certificate itself. I could be wrong tho.
As regards to the VHost defs: it depends what you've got in front of the
server in the way of DNS or loadbalancers.
Your domain name can only resolve to point at one IP address (unless
you're using load balancers or proxies etc etc). So any request for the
SSL port of demo.sitename.com is going to arrive at the same IP as the
port 80 connection.
http://demo.sitename.com > IP1
https://demo.sitename.com > Still IP1
(Have you set "NameVirtualHost" or not?)
Dave Henderson wrote:
> I am wondering if the virtual host definitions are wrong. Can I do the
> following (even though the ServerName options have the same value)? Can
> I use the IP addresses like I have done below?
>
>
> <VirtualHost 192.168.0.12:80>
> ServerAdmin webmaster@xxxxxxxxxxxx
> ServerName demo.sitename.com
> DocumentRoot /var/www/sitename.com/demo
>
> # This should be changed to whatever you set DocumentRoot to.
> <Directory /var/www/sitename.com/demo>
> Options Indexes Includes
> AllowOverride Options
> Order allow,deny
> Allow from all
> </Directory>
> ErrorLog /var/log/apache2/sitename.com/demo/error.log
> CustomLog /var/log/apache2/sitename.com/demo/access.log common
> CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
>
> # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
> LogLevel warn
>
> ServerSignature On
> </VirtualHost>
>
>
> <VirtualHost 192.168.0.13:443>
> ServerAdmin webmaster@xxxxxxxxxxxx
> ServerName demo.sitename.com
> DocumentRoot /var/www/sitename.com/demo/ssl
>
> # SSL specifications
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
> SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> # SSLVerifyClient require
> # SSLVerifyDepth 1
> # CustomLog /var/log/apache2/ssl \ "%t %h %{SSL_PROTOCOL}x
> %{SSL_CIPHER}x$
> # <Location /ssl>
> # SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> # SSLVerifyClient require
> # SSLVerifyDepth 1
> # </Location>
>
> # This should be changed to whatever you set DocumentRoot to.
> <Directory /var/www/sitename.com/demo/ssl>
> Options Indexes Includes
> AllowOverride Options
> Order allow,deny
> Allow from all
> </Directory>
> ErrorLog /var/log/apache2/sitename.com/demo/error.log
> CustomLog /var/log/apache2/sitename.com/demo/access.log common
> CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
>
> # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
> LogLevel warn
>
> ServerSignature On
> </VirtualHost>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|