----- Original Message -----
From: "Frederic Herman" <fherman@xxxxxxxxxxxxxxx>
To: <redhat-list@xxxxxxxxxx>
Sent: Tuesday, November 11, 2003 11:58 AM
Subject: Re: Apache Virtual Server Settings and SSL Certificate Issue

> Brett Franck wrote:
>
> >Little off topic, maybe, but I have like 8 aliases set up in my virtual
> >server settings...I'll only show one for brevity. The Main Domain of the
> >server is working fine...issuing SSL cert properly for
> >https://www.perfectnetusa.com but when I pull up https://perfectnetusa.com
> >or any of my other domains, the certificate for
> >https://www.perfectnetusa.com always gets issued. All the CONF files are
> >set up correctly (httpd.conf, ssl.conf) but doesn't seem to be working.
> >Directories are present and have the keys in them for the appropriate
> >domains....Any ideas?
> >
> >EXAMPLE: (ssl.conf)
> >
> ><VirtualHost 192.168.1.50:443>
> >DocumentRoot "/var/www/franckwebc"
> >ServerName www.franckweb.com:443
> >ServerAdmin bfranck@xxxxxxxxxxxxx
> >ErrorLog /var/log/franckweb.com-ssl_error_log
> >TransferLog /var/log/franckweb.com-ssl_access_log
> >SSLEngine on
> >SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >SSLCertificateFile /etc/httpd/conf/wwwfranckwebcom_ssl.crt/server.crt
> >SSLCertificateKeyFile /etc/httpd/conf/wwwfranckwebcom_ssl.key/server.key
> ><Files ~ "\.(cgi|shtml|phtml|php3?)$">
> >    SSLOptions +StdEnvVars
> ></Files>
> ><Directory "/var/www/cgi-bin">
> >    SSLOptions +StdEnvVars
> ></Directory>
> >SetEnvIf User-Agent ".*MSIE.*" \
> >    nokeepalive ssl-unclean-shutdown \
> >    downgrade-1.0 force-response-1.0
> >CustomLog logs/ssl_request_log \
> >    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> ></VirtualHost>
> >
> >
> >EXAMPLE: (httpd.conf)
> >
> ><VirtualHost 192.168.1.50:80>
> >ServerName www.franckweb.com
> >DocumentRoot /var/www/franckwebc
> >ErrorLog /var/log/franckweb.com-error_log
> >CustomLog /var/log/franckweb.com-access_log common
> ></VirtualHost>
> >
> >This would be the stuff for https://www.franckweb.com Here's the stuff that
> >I used to write the cert file for www.franckweb.com
> >
> >cd /etc/httpd/conf/wwwfranckwebcom_ssl.key
> >openssl genrsa -des3 -passout pass:<SNIPPASSWORD> -rand key1.txt:key2.txt:key3.txt:key4.txt -out server.key 1024
> >openssl rsa -in server.key -out server.pem -passin pass:<SNIPPASSWORD>
> >rm -f server.key
> >mv -f server.pem server.key
> >openssl req -new -subj /C=US/ST=Illinois/L=Roselle/O="FranckwebCom"/OU=FranckwebCom/CN=www.franckweb.com/emailAddress="bfranck@xxxxxxxxxxxxx" -key server.key -out server.csr -batch
> >openssl x509 -req -days 90 -in server.csr -signkey server.key -out server.crt
> >mv -f server.csr ../wwwfranckwebcom_ssl.csr/server.csr
> >mv -f server.crt ../wwwfranckwebcom_ssl.crt/server.crt
> >
> >It all looks to complete OK for each cert file, but when I
> >https://www.franckweb.com I get the CRT for https://www.perfectnetusa.com
> >(also configured exactly the same way as this domain.......)
> >
> >Brett
> >
>
> I believe that you will need a separate ip for each virtual host. That
> is, you have to do virtual hosts by ip, not by name with Apache. I
> think it has something to do with ssl doing its thing before the
> connection being passed to apache. If this is not the case, I'd like to
> know about it.
>
> Fred
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

After much searching I have found that you may be correct. I'm not sure how
to do that considering I am behind a NAT router forwarding port 80 and 443
requests to a single host IP address.....maybe it cannot be done?

Brett