RE: Apache Virtual Server Settings and SSL Certificate Issue

Depending on the NAT'ing router you're using (e.g., Netopia 46xx series),
you could always set up multiple static NATs, one for each of the multiple
IPs you've assigned to your RH box.  To do this, you'll need to multi-home
the NIC in your RH box:  

	http://www.tldp.org/HOWTO/Net-HOWTO/x1227.html

then set up the static NATs on the router.  


Cheers!


-----Original Message-----
From: Brett Franck [mailto:bfranck@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, November 11, 2003 1:50 PM
To: redhat-list@xxxxxxxxxx
Subject: Re: Apache Virtual Server Settings and SSL Certificate Issue



----- Original Message ----- 
From: "Frederic Herman" <fherman@xxxxxxxxxxxxxxx>
To: <redhat-list@xxxxxxxxxx>
Sent: Tuesday, November 11, 2003 11:58 AM
Subject: Re: Apache Virtual Server Settings and SSL Certificate Issue


> Brett Franck wrote:
>
> >Little off topic, maybe, but I have like 8 aliases setup in my virtual
> >server settings...I'll only show one for brevity.  The Main Domain of the
> >server is working fine...issuing SSL cert properly for
> >https://www.perfectnetusa.com but when I pull up https://perfectnetusa.com
> >or any of my other domains, the certificate for
> >https://www.perfectnetusa.com always gets issued.  All the CONF files are
> >setup correctly (httpd.conf, ssl.conf) but doesn't seem to be working.
> >Directories are present and have the keys in them for the appropriate
> >domains....Any ideas?
> >
> >EXAMPLE:  (ssl.conf)
> >
> ><VirtualHost 192.168.1.50:443>
> >DocumentRoot "/var/www/franckwebc"
> >ServerName www.franckweb.com:443
> >ServerAdmin bfranck@xxxxxxxxxxxxx
> >ErrorLog /var/log/franckweb.com-ssl_error_log
> >TransferLog /var/log/franckweb.com-ssl_access_log
> >SSLEngine on
> >SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >SSLCertificateFile /etc/httpd/conf/wwwfranckwebcom_ssl.crt/server.crt
> >SSLCertificateKeyFile /etc/httpd/conf/wwwfranckwebcom_ssl.key/server.key
> ><Files ~ "\.(cgi|shtml|phtml|php3?)$">
> >    SSLOptions +StdEnvVars
> ></Files>
> ><Directory "/var/www/cgi-bin">
> >    SSLOptions +StdEnvVars
> ></Directory>
> >SetEnvIf User-Agent ".*MSIE.*" \
> >         nokeepalive ssl-unclean-shutdown \
> >         downgrade-1.0 force-response-1.0
> >CustomLog logs/ssl_request_log \
> >          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> ></VirtualHost>
> >
> >
> >EXAMPLE: (httpd.conf)
> >
> ><VirtualHost 192.168.1.50:80>
> >ServerName www.franckweb.com
> >DocumentRoot /var/www/franckwebc
> >ErrorLog /var/log/franckweb.com-error_log
> >CustomLog /var/log/franckweb.com-access_log common
> ></VirtualHost>
> >
> >
> >This would be the stuff for https://www.franckweb.com Here's the stuff that
> >I used to write the cert file for www.franckweb.com
> >
> >
> >
> >
> >cd /etc/httpd/conf/wwwfranckwebcom_ssl.key
> >openssl genrsa -des3 -passout pass:<SNIPPASSWORD> -rand key1.txt:key2.txt:key3.txt:key4.txt -out server.key 1024
> >openssl rsa -in server.key -out server.pem -passin pass:<SNIPPASSWORD>
> >rm -f server.key
> >mv -f server.pem server.key
> >openssl req -new -subj /C=US/ST=Illinois/L=Roselle/O="FranckwebCom"/OU=FranckwebCom/CN=www.franckweb.com/emailAddress="bfranck@xxxxxxxxxxxxx" -key server.key -out server.csr -batch
> >openssl x509 -req -days 90 -in server.csr -signkey server.key -out server.crt
> >mv -f server.csr ../wwwfranckwebcom_ssl.csr/server.csr
> >mv -f server.crt ../wwwfranckwebcom_ssl.crt/server.crt
> >
> >
> >
> >It all looks to complete OK for each cert file, but when I
> >https://www.franckweb.com I get the CRT for https://www.perfectnetusa.com
> >(also configured exactly the same way as this domain.......)
> >
> >Brett
> >
> >
> >
> >
> >
> >
> I believe that you will need a separate ip for each virtual host.  That
> is, you have to do virtual hosts by ip, not by name with Apache.  I
> think it has something to do with ssl doing its thing before the
> connection being passed to apache.  If this is not the case, I'd like to
> know about it.
>
> Fred
>
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



After much searching I have found that you may be correct.  I'm not sure how
to do that considering I am behind a NAT router forwarding port 80 and 443
requests to a single host IP address.....maybe it cannot be done?

Brett
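
Added example, not part of the original thread: a small Python check that reads an ssl.conf and reports SSL virtual hosts sharing one address:port, which is the layout that makes every name present the first vhost's certificate. It assumes the server picks the certificate before it sees the Host header, as the thread concludes; the perfectnetusa and example.test blocks, their certificate paths and 192.168.1.51 are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's ssl.conf. The perfectnetusa and
# example.test entries, their certificate paths and 192.168.1.51 are made up.
SAMPLE_CONF = """
<VirtualHost 192.168.1.50:443>
ServerName www.perfectnetusa.com:443
SSLEngine on
SSLCertificateFile /etc/httpd/conf/constructed_perfectnetusa/server.crt
</VirtualHost>
<VirtualHost 192.168.1.50:443>
ServerName www.franckweb.com:443
SSLEngine on
SSLCertificateFile /etc/httpd/conf/wwwfranckwebcom_ssl.crt/server.crt
</VirtualHost>
<VirtualHost 192.168.1.51:443>
ServerName www.example.test:443
SSLEngine on
SSLCertificateFile /etc/httpd/conf/constructed_example/server.crt
</VirtualHost>
<VirtualHost 192.168.1.50:80>
ServerName www.franckweb.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """First value of a directive inside a vhost body, or None."""
    m = re.search(r"^[ \t]*%s[ \t]+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def ssl_vhosts(conf):
    """Yield (address:port, server name, cert file) for each SSL-enabled vhost."""
    for addrs, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue
        name = (directive(body, "ServerName") or "?").split(":")[0]
        for addr in addrs.split():
            yield addr, name, directive(body, "SSLCertificateFile")

def shadowed(conf):
    """Map each shared address:port to (vhost whose cert is served, hidden vhosts)."""
    by_addr = defaultdict(list)
    for addr, name, _cert in ssl_vhosts(conf):
        by_addr[addr].append(name)
    return {a: (n[0], n[1:]) for a, n in by_addr.items() if len(n) > 1}

if __name__ == "__main__":
    for addr, (served, hidden) in shadowed(SAMPLE_CONF).items():
        print(f"{addr}: {', '.join(hidden)} will present the certificate of {served}")
```

An empty result means every SSL vhost has its own address:port, which is the layout the multi-homed NIC plus one static NAT per IP is meant to produce.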



