Boyle Owen wrote: >> -----Original Message----- >> From: J. Bakshi [mailto:joydeep@xxxxxxxxxxxxxxx] >> Sent: Tuesday, December 01, 2009 10:53 AM >> To: users@xxxxxxxxxxxxxxxx >> Subject: Re: how to get multiple SSL with name >> based vhost ? >> >> ... >> >> Thank for your response. your assumption is correct. I am >> working in an >> environment where the domain name is same. Hence I am using the same >> certificate. But the problem is with port. apache >> complaining if it see >> more name based vhost with port 443. I was using the config as below >> > > I think you are just getting a *warning* - if you test the sites it should "work"... > > That is to say, you will get an SSL session with the cert from VH1 then if you request site1 all will be OK (no browser warnings sice site1 matches cert1). If you request site2, you will get a browser warning since site2 doesn't match cert1, but otherwise the request should succeed (since the SSL session is up by this time, apache can decrypt the request, get the Host header and so go to the appropriate VH). > > If this is not happening, post back with a description of what *is* happening... > Hello Boyle, Thanks for your kind response. I have just activated my second SSL connection to generate the logs. Here it is ` ` ` [Tue Dec 01 11:38:31 2009] [warn] Init: SSL server IP/port conflict: www.example1.de:443 (/etc/apache2/vhosts.d/blevti.opendingo.de.conf:34) vs. example2.in:443 (/etc/apache2/vhosts.d/phpmyadmin.conf:5) [Tue Dec 01 11:38:31 2009] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!! ` ` ` What happen now, the second vhost SSL does not complain but it goes to the first vhost SSL and " apache2ctl -S" displays the first one as the default one. ` ` ` > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > >> ` ` ` ` >> Listen 443 >> NameVirtualHost example1.de:443 >> >> <VirtualHost example1:443> >> SSLEngine on >> SSLCipherSuite HIGH:MEDIUM >> SSLProtocol all -SSLv2 >> SSLCertificateFile /etc/apache2/myca/mars-server.crt >> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key >> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt >> ServerName https://example1.de >> ServerAlias https://example1.de >> >> DocumentRoot /srv/www/htdocs/blevti.opendingo.de >> DirectoryIndex index.php >> </VirtualHost> >> >> >> NameVirtualHost example2.de:443 >> <VirtualHost example2:443> >> SSLEngine on >> SSLCipherSuite HIGH:MEDIUM >> SSLProtocol all -SSLv2 >> SSLCertificateFile /etc/apache2/myca/mars-server.crt >> SSLCertificateKeyFile /etc/apache2/myca/mars-server.key >> SSLCertificateChainFile /etc/apache2/myca/my-ca.crt >> ServerName https://example2.de >> ServerAlias https://example2.de >> >> DocumentRoot /srv/www/htdocs/example2.de >> DirectoryIndex index.php >> </VirtualHost> >> ` ` ` ` >> >> but no luck >> >> -- >> জয়দীপ বক্সী >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP >> Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> >> > > This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. > The sender's company reserves the right to monitor all e-mail communications through their networks. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > -- জয়দীপ বক্সী --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx