Re: [users@httpd] apache and ssl

[Dave Henderson <dhenderson@xxxxxxxxxxxxxxxx>]

I do have two NameVirtualHost definitions:
  
  NameVirtualHost 192.168.0.12:80
  NameVirtualHost 192.168.0.13:443
  
  On my firewall, I have port 80 traffic going to 192.168.0.12 and 443  traffic going to 192.168.0.13.  Both ip's are used on the same  server by way of assigning multiple ip addresses to one nic.   Should I change my vhost definitions to use on the 192.168.0.12 ip  address instead of using the two shown above?
  
  Thanks,
  Dave
  
  

Pid <p@xxxxxxxxxxx> wrote:

Does anyone else think that this is wrong?

SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
>> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt

It looks like you're telling it that the Certificate Authority is the
same file as the Certificate itself. I could be wrong tho.



As regards to the VHost defs: it depends what you've got in front of the
server in the way of DNS or loadbalancers.

Your domain name can only resolve to point at one IP address (unless
you're using load balancers or proxies etc etc). So any request for the
SSL port of demo.sitename.com is going to arrive at the same IP as the
port 80 connection.

http://demo.sitename.com > IP1
https://demo.sitename.com > Still IP1


(Have you set "NameVirtualHost" or not?)



Dave Henderson wrote:
> I am wondering if the virtual host definitions are wrong. Can I do the
> following (even though the ServerName options have the same value)? Can
> I use the IP addresses like I have done below?
>
>
>
> ServerAdmin webmaster@xxxxxxxxxxxx
> ServerName demo.sitename.com
> DocumentRoot /var/www/sitename.com/demo
>
> # This should be changed to whatever you set DocumentRoot to.
>
> Options Indexes Includes
> AllowOverride Options
> Order allow,deny
> Allow from all
>
> ErrorLog /var/log/apache2/sitename.com/demo/error.log
> CustomLog /var/log/apache2/sitename.com/demo/access.log common
> CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
>
> # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
> LogLevel warn
>
> ServerSignature On
>
>
>
>
> ServerAdmin webmaster@xxxxxxxxxxxx
> ServerName demo.sitename.com
> DocumentRoot /var/www/sitename.com/demo/ssl
>
> # SSL specifications
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
> SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> # SSLVerifyClient require
> # SSLVerifyDepth 1
> # CustomLog /var/log/apache2/ssl \ "%t %h %{SSL_PROTOCOL}x
> %{SSL_CIPHER}x$
> #
> # SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> # SSLVerifyClient require
> # SSLVerifyDepth 1
> #
>
> # This should be changed to whatever you set DocumentRoot to.
>
> Options Indexes Includes
> AllowOverride Options
> Order allow,deny
> Allow from all
>
> ErrorLog /var/log/apache2/sitename.com/demo/error.log
> CustomLog /var/log/apache2/sitename.com/demo/access.log common
> CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
>
> # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
> LogLevel warn
>
> ServerSignature On
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx