On Sun, Jun 15, 2008 at 9:37 AM, Khalid Schofield <[EMAIL PROTECTED]> wrote:
> Running openbsd 4.0 and apache 1.3 . I've loads of virtual hosts on
> apache and I'm now running apache from rc.conf.local with:
> httpd_flads "-u -DSSL" .

That probably is a typo and in your rc.conf.local it would read httpd_flags? Besides that, you would probably serve yourself with an upgrade to the latest and greatest (4.3) and do so before you upgrade your web apps.

> Now what? I only want server.crt to be used for one of my virtual hosts.

That will cost you a bunch of IP addresses, one for each distinct SSL virtual host. You could start by not using the _default_:443 virtual host. If you want to make sure none of your other virtual hosts accidentally get served via the https port, place each individual SSL'd virtual host on a separate IP address. There is not really a way around that. Virtual hosts work by the information from the "Host: $virtual_host" header being available. For SSL connections, the crypto work needs to be done before you get that information (which requires you to choose your virtual host already to select keys, certificates, etc.).

> I've tried all sorts but it doesn't seem to work when I try to connect to 443.

Have you tried the usual batch of:
+ properly connected cables
+ apache error log upon startup
+ ps output listing the httpd processes
+ netstat output listing you have a listener to the https port
+ firewall rules (tcpdump and pflog0 can come in very handy)

> Also apachectl restart doesn't ask for the certificate password. But a
> reboot does. apachectl startssl doesn't ask either.

If you're switching to chrooted operation soon, you should probably use stop/start and not restart just to get into the right habit. If httpd does surprising things, you will want to read its error log.

> I've decided to comment out the certificates for the time being.

You don't really want to do that, given that the server will not automagically load the certificates out of thin air. You'll want to make sure that the server can open the files, etc. Again, such is usually listed in your httpd's error log. If you see error numbers that do not directly make sense to you, check with errno(2).

Hopefully this helps tracking down the problem,

Rogier

--
If you don't know where you're going, any road will get you there.
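
The layout the reply describes (one IP address per SSL virtual host, no _default_:443 block), sketched as an httpd.conf fragment for Apache 1.3 with mod_ssl. This is an added illustration, not part of the original message; the 192.0.2.x addresses, host names, document roots and the second certificate's paths are constructed placeholders.

```apache
# Added example, not from the original thread.
# Assumptions: 192.0.2.10 and 192.0.2.11 are constructed addresses that are
# already configured on the machine; host names, DocumentRoot values and the
# shop.example.org certificate/key paths are placeholders.

<IfDefine SSL>
# With Listen directives present, httpd binds only what is listed here.
# Binding 443 on specific addresses (instead of a bare "Listen 443") keeps
# every other address on the box from answering https at all.
Listen 80
Listen 192.0.2.10:443
Listen 192.0.2.11:443
</IfDefine>

<IfDefine SSL>
# No <VirtualHost _default_:443> block: nothing catches https requests
# that were meant for some other, non-SSL virtual host.

# The only host that presents server.crt. The certificate is selected by
# the destination IP address, before any Host: header can be read.
<VirtualHost 192.0.2.10:443>
    ServerName secure.example.org
    DocumentRoot /var/www/htdocs/secure.example.org
    SSLEngine on
    SSLCertificateFile /etc/ssl/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    ErrorLog logs/secure.example.org-error_log
</VirtualHost>

# A second SSL host needs its own address and its own certificate and key.
<VirtualHost 192.0.2.11:443>
    ServerName shop.example.org
    DocumentRoot /var/www/htdocs/shop.example.org
    SSLEngine on
    SSLCertificateFile /etc/ssl/shop.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.org.key
    ErrorLog logs/shop.example.org-error_log
</VirtualHost>
</IfDefine>
```

Running `apachectl configtest` catches syntax errors before the stop/start; unreadable certificate or key files are reported in the error log at startup.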