----- Original Message -----
From: "L. Christopher Luther" <CLuther@xxxxxxxxxxxxx>
To: <redhat-list@xxxxxxxxxx>
Sent: Tuesday, November 11, 2003 1:33 PM
Subject: RE: Apache Virtual Server Settings and SSL Certificate Issue

> Depending on the NAT'ing router you're using (e.g., Netopia 46xx series),
> you could always setup multiple static NATs, one for each of the multiple
> IP's you've assigned to your RH box. To do this, you'll need to multi-home
> the NIC in your RH box:

Using a Linksys, but I have a Netopia @ work.....maybe I'll "trade" LOL

>
> http://www.tldp.org/HOWTO/Net-HOWTO/x1227.html

Thanks...that helps some more.

>
> then setup the static NATs on the router.
>
> Cheers!
>
>
> -----Original Message-----
> From: Brett Franck [mailto:bfranck@xxxxxxxxxxxxxxxxx]
> Sent: Tuesday, November 11, 2003 1:50 PM
> To: redhat-list@xxxxxxxxxx
> Subject: Re: Apache Virtual Server Settings and SSL Certificate Issue
>
>
> ----- Original Message -----
> From: "Frederic Herman" <fherman@xxxxxxxxxxxxxxx>
> To: <redhat-list@xxxxxxxxxx>
> Sent: Tuesday, November 11, 2003 11:58 AM
> Subject: Re: Apache Virtual Server Settings and SSL Certificate Issue
>
>
> > Brett Franck wrote:
> >
> > >Little off topic, maybe, but I have like 8 aliases setup in my virtual
> > >server settings...I'll only show one for brevity. The Main Domain of the
> > >server is working fine...issuing SSL cert properly for
> > >https://www.perfectnetusa.com but when I pull up https://perfectnetusa.com
> > >or any of my other domains, the certificate for
> > >https://www.perfectnetusa.com always gets issued. All the CONF files are
> > >setup correctly (httpd.conf, ssl.conf) but doesn't seem to be working.
> > >Directories are present and have the keys in them for the appropriate
> > >domains....Any ideas?
> > >
> > >EXAMPLE: (ssl.conf)
> > >
> > ><VirtualHost 192.168.1.50:443>
> > >DocumentRoot "/var/www/franckwebc"
> > >ServerName www.franckweb.com:443
> > >ServerAdmin bfranck@xxxxxxxxxxxxx
> > >ErrorLog /var/log/franckweb.com-ssl_error_log
> > >TransferLog /var/log/franckweb.com-ssl_access_log
> > >SSLEngine on
> > >SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >SSLCertificateFile /etc/httpd/conf/wwwfranckwebcom_ssl.crt/server.crt
> > >SSLCertificateKeyFile /etc/httpd/conf/wwwfranckwebcom_ssl.key/server.key
> > ><Files ~ "\.(cgi|shtml|phtml|php3?)$">
> > >    SSLOptions +StdEnvVars
> > ></Files>
> > ><Directory "/var/www/cgi-bin">
> > >    SSLOptions +StdEnvVars
> > ></Directory>
> > >SetEnvIf User-Agent ".*MSIE.*" \
> > >         nokeepalive ssl-unclean-shutdown \
> > >         downgrade-1.0 force-response-1.0
> > >CustomLog logs/ssl_request_log \
> > >          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > ></VirtualHost>
> > >
> > >
> > >EXAMPLE: (httpd.conf)
> > >
> > ><VirtualHost 192.168.1.50:80>
> > >ServerName www.franckweb.com
> > >DocumentRoot /var/www/franckwebc
> > >ErrorLog /var/log/franckweb.com-error_log
> > >CustomLog /var/log/franckweb.com-access_log common
> > ></VirtualHost>
> > >
> > >
> > >This would be the stuff for https://www.franckweb.com Here's the stuff that
> > >I used to write the cert file for www.franckweb.com
> > >
> > >
> > >cd /etc/httpd/conf/wwwfranckwebcom_ssl.key
> > >openssl genrsa -des3 -passout pass:<SNIPPASSWORD> -rand key1.txt:key2.txt:key3.txt:key4.txt -out server.key 1024
> > >openssl rsa -in server.key -out server.pem -passin pass:<SNIPPASSWORD>
> > >rm -f server.key
> > >mv -f server.pem server.key
> > >openssl req -new -subj /C=US/ST=Illinois/L=Roselle/O="FranckwebCom"/OU=FranckwebCom/CN=www.franckweb.com/emailAddress="bfranck@xxxxxxxxxxxxx" -key server.key -out server.csr -batch
> > >openssl x509 -req -days 90 -in server.csr -signkey server.key -out server.crt
> > >mv -f server.csr ../wwwfranckwebcom_ssl.csr/server.csr
> > >mv -f server.crt ../wwwfranckwebcom_ssl.crt/server.crt
> > >
> > >
> > >It all looks to complete OK for each cert file, but when I
> > >https://www.franckweb.com I get the CRT for https://www.perfectnetusa.com
> > >(also configured exactly the same way as this domain.......)
> > >
> > >Brett
> > >
> >
> > I believe that you will need a separate ip for each virtual host. That
> > is, you have to do virtual hosts by ip, not by name with Apache. I
> > think it has something to do with ssl doing its thing before the
> > connection being passed to apache. If this is not the case, I'd like to
> > know about it.
> >
> > Fred
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
> After much searching I have found that you may be correct. I'm not sure how
> to do that considering I am behind a NAT router forwarding port 80 and 443
> requests to a single host IP address.....maybe it cannot be done?
>
> Brett
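
The one-address-per-SSL-site layout that the replies in this thread describe, as an added example that is not part of the original messages. The address 192.168.1.51 and the PLACEHOLDER_* paths are assumptions, because the thread gives neither a second address nor the perfectnetusa.com paths.

```apache
# BEFORE (the behaviour reported in the thread): every SSL vhost is bound to
# the same address and port.
#
#   <VirtualHost 192.168.1.50:443>    ServerName www.perfectnetusa.com:443
#   <VirtualHost 192.168.1.50:443>    ServerName www.franckweb.com:443
#
# The certificate is sent during the TLS handshake, before the browser has
# sent its Host header, so Apache uses the SSL settings of the first vhost
# defined for that address and every hostname receives the same certificate.
#
# AFTER: one address per SSL site, so the destination IP alone identifies
# the vhost and therefore the certificate.
#
# Assumptions (not from the thread):
#   - 192.168.1.51 is a constructed second address, configured on the host
#     as an interface alias (for example eth0:1) as in the linked HOWTO.
#   - The router has one static NAT mapping per internal address.
#   - The existing "Listen 443" directive in ssl.conf is left in place.
#   - PLACEHOLDER_* names stand in for paths the thread does not show.

<VirtualHost 192.168.1.50:443>
    ServerName www.perfectnetusa.com:443
    DocumentRoot "/var/www/PLACEHOLDER_PERFECTNETUSA_DOCROOT"
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/PLACEHOLDER_PERFECTNETUSA_CRT_DIR/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/PLACEHOLDER_PERFECTNETUSA_KEY_DIR/server.key
</VirtualHost>

<VirtualHost 192.168.1.51:443>
    ServerName www.franckweb.com:443
    DocumentRoot "/var/www/franckwebc"
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/wwwfranckwebcom_ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/wwwfranckwebcom_ssl.key/server.key
</VirtualHost>
```

Apache builds with Server Name Indication (SNI) support can instead select the certificate by hostname on a single address, provided the clients send SNI as well.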