Also, if you choose to go with a non-wildcard cert, you can actually run several virtual hosts on the same IP, using different certs for each vhost, but then you are forced to run SSL over a non-standard port. At that point, you need to tell Apache to listen on that port, and configure each of your virtual hosts to listen on both port 80 and whatever port you assign it for SSL transactions. SSL binds to a particular socket, so it's a combination of IP + port number that is unique.
And, it's always necessary to have a separate and complete set of configuration directives for each port that a vhost runs under.
Rob Frode E. Moe wrote:
On Tue, Nov 28, 2006 at 09:09:20 +0000, Steve Swift wrote:Where should I go to learn about configuring Virtual Hosts and SSL in the same apache? I have virtual hosts woking using "NameVirtualHost *:80" SSL works for the Virtual Hosts *I* have defined But in the (default) ssl.conf file installed with apache I find: <VirtualHost _default_:443> SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key ... (other, less interesting lines) </VirtualHost> What puzzles me is this: The VirtualHost definition above seems to be working as SSL is finding the Certificate File (otherwise how would SSL work at all?) How is this VirtualHost definition working in conjunction with "NameVirtualHost *:80" ?You need a separate IP for each SSL virtualhost, since SSL certificates are exchanged before any HTTP headers (especially the Host: header) are transferred. So my guess is that apache just picks the first SSL certificate applicable for a given IP. In other words, it makes no sense to use NameVirtualHost for SSL / port 443. I don't think your *:80 stuff makes any difference either way as that sould be independent of anything on :443.
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx