On Sun, 15 Jun 2008, Rogier Krieger wrote:
On Sun, Jun 15, 2008 at 9:37 AM, Khalid Schofield
<[EMAIL PROTECTED]> wrote:
Running openbsd 4.0 and apache 1.3 . I've loads of virtual hosts on
apache and I'm now running apache from rc.conf.local with:
httpd_flads "-u -DSSL" .
That probably is a typo and in your rc.conf.local it would read
httpd_flags? Besides that, you would probably serve yourself with an
upgrade to the latest and greatest (4.3) and do so before you upgrade
your web apps.
Now what? I only want server.crt to be used for one of my virtual hosts.
That will cost you a bunch of IP addresses, one for each distinct SSL
virtual host. You could start by not using the _default_:443 virtual
host.
If you want to make sure none of your other virtual hosts accidentally
get served via the https port, place each individual SSL'd virtual
host on a separate IP address. There is not really a way around that.
Virtual hosts work by the information from the "Host: $virtual_host"
header being available. For SSL connections, the crypto work needs to
be done before you get that information (which requires you to choose
your virtual host already to select keys, certificates, etc.).
Ok but I should be able to re-use the default host on the box though
right? Make the default host the website url.?
I've tried all sorts but it doesn't seem to work when I try to connect to 443.
Have you tried the usual batch of:
+ properly connected cables
yes thanks... a hint of sarcasm?
+ apache error log upon startup
+ ps output listing the httpd processes
thanks
+ netstat output listing you have a listener to the https port
+ firewall rules (tcpdump and pflog0 can come in very handy)
or just having something on port 443 indeed which I've not.
Also apachectl restart doesn't ask for the certificate password. But a
reboot does. apachectl startssl doesn't ask either.
If you're switching to chrooted operation soon, you should probably
use stop/start and not restart just to get into the right habit. If
httpd does suprising things, you will want to read its error log.
I've decided to comment out the certificates for the time being.
You don't really want to do that, given that the server will not
automagically load the certificates out of thin air. You'll want to
make sure that the server can open the files, etc.
So nothign useful here.
Again, such is
usually listed in your httpd's error log. If you see error numbers
that do not directly make sense to you, check with errno(2).
Hopefully this helps tracking down the problem,
Rogier
well thanks for your words Rogier. Lots of texts. Guessing the useful bit
to grep out is _default_:443
Will go back to google. Enjoy your sunday thanks for the test message.
--
If you don't know where you're going, any road will get you there.
