I believe that you will need a separate ip for each virtual host. That is, you have to do virtual hosts by ip, not by name with Apache. I think it has something to do with ssl doing its thing before the connection being passed to apache. If this is not the case, I'd like to know about it.

Little off topic, maybe, but I have like 8 aliases set up in my virtual server settings... I'll only show one for brevity. The Main Domain of the server is working fine... issuing SSL cert properly for https://www.perfectnetusa.com but when I pull up https://perfectnetusa.com or any of my other domains, the certificate for https://www.perfectnetusa.com always gets issued. All the CONF files are set up correctly (httpd.conf, ssl.conf) but it doesn't seem to be working. Directories are present and have the keys in them for the appropriate domains.... Any ideas?

EXAMPLE: (ssl.conf)

    <VirtualHost 192.168.1.50:443>
        DocumentRoot "/var/www/franckwebc"
        ServerName www.franckweb.com:443
        ServerAdmin bfranck@xxxxxxxxxxxxx
        ErrorLog /var/log/franckweb.com-ssl_error_log
        TransferLog /var/log/franckweb.com-ssl_access_log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/httpd/conf/wwwfranckwebcom_ssl.crt/server.crt
        SSLCertificateKeyFile /etc/httpd/conf/wwwfranckwebcom_ssl.key/server.key
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

EXAMPLE: (httpd.conf)

    <VirtualHost 192.168.1.50:80>
        ServerName www.franckweb.com
        DocumentRoot /var/www/franckwebc
        ErrorLog /var/log/franckweb.com-error_log
        CustomLog /var/log/franckweb.com-access_log common
    </VirtualHost>

This would be the stuff for https://www.franckweb.com. Here's the stuff that I used to write the cert file for www.franckweb.com:

    cd /etc/httpd/conf/wwwfranckwebcom_ssl.key
    openssl genrsa -des3 -passout pass:<SNIPPASSWORD> -rand key1.txt:key2.txt:key3.txt:key4.txt -out server.key 1024
    openssl rsa -in server.key -out server.pem -passin pass:<SNIPPASSWORD>
    rm -f server.key
    mv -f server.pem server.key
    openssl req -new -subj /C=US/ST=Illinois/L=Roselle/O="FranckwebCom"/OU=FranckwebCom/CN=www.franckweb.com/emailAddress="bfranck@xxxxxxxxxxxxx" -key server.key -out server.csr -batch
    openssl x509 -req -days 90 -in server.csr -signkey server.key -out server.crt
    mv -f server.csr ../wwwfranckwebcom_ssl.csr/server.csr
    mv -f server.crt ../wwwfranckwebcom_ssl.crt/server.crt

It all looks to complete OK for each cert file, but when I go to https://www.franckweb.com I get the CRT for https://www.perfectnetusa.com (also configured exactly the same way as this domain.......)

Brett
Fred
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list