[users@httpd] SSL And Virtual Hosts

Mon, 13 Mar 2006 06:27:38 -0800

I've been using Apache 1.3 for a while now with several name-based virtual hosts (my server has only one IP). Recently, I have begun testing the use of SSL, which is entirely new territory for me. But I seem to be running into a couple problems.
First thing I notice is that my ssl_engine log yells at me and says I should not use name-based virtual hosts with SSL. If this is the case, what would one recommend? What is the "right way" to do it? 


During testing of my name-based virtual hosts with SSL, I am using two 
of my hosted domains.  One of them, the main default domain for my site, 
seems to work, except that in my browser (FireFox) the lock icon is 
broken, so it seems to not be working from the client side.  But no more 
info is given as to why that is the case.



The second domain I'm testing seems to be encrypting fine between the 
client and server, but when it issues the self-signed cert it sends the 
wrong one (the one for the default domain).



Can anyone explain to me what is probably wrong and what the right way 
to do things would be?



For reference, here is the VirtualHosts section of my mod_ssl.conf file:

NameVirtualHost *:443

<VirtualHost *:443>
  DocumentRoot "/home/www/.www"
  ServerName www.cyber0ne.com
  ServerAlias cyber0ne.com
  DirectoryIndex index.aspx index.asp index.html index.htm index.php
  HostnameLookups On
  ServerAdmin [EMAIL PROTECTED]
  ErrorLog /var/log/apache/ssl_error_log
  LogLevel warn
  TransferLog /var/log/apache/ssl_access_log
  SSLEngine on

  SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  SSLCertificateFile /etc/apache/ssl.crt/cyber0ne.cert
  SSLCertificateKeyFile /etc/apache/ssl.key/cyber0ne.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>

  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0
  LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" 
\"%{User-Agent}i\"" combined

  CustomLog /var/log/apache/ssl_access_log combined
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/home/www/.www/webusers/newharvest"
  ServerName www.newharvestchristians.org
  ServerAlias newharvestchristians.org
  DirectoryIndex index.aspx index.asp index.html index.htm index.php
  HostnameLookups On
  ServerAdmin [EMAIL PROTECTED]
  ErrorLog /var/log/apache/www.newharvestchristians.org-ssl_error_log
  LogLevel warn
  TransferLog /var/log/apache/www.newharvestchristians.org-ssl_access_log
  SSLEngine on

  SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  SSLCertificateFile /etc/apache/ssl.crt/newharvestchristians.cert
  SSLCertificateKeyFile /etc/apache/ssl.key/newharvestchristians.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>

  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0
  LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" 
\"%{User-Agent}i\"" combined
  CustomLog /var/log/apache/www.newharvestchristians.org-ssl_access_log 
combined

</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/home/www/.www/webusers/newharvest/ftp"
  ServerName ftp.newharvestchristians.org
  DirectoryIndex index.aspx index.asp index.html index.htm index.php
  HostnameLookups On
  ServerAdmin [EMAIL PROTECTED]
  ErrorLog /var/log/apache/www.newharvestchristians.org-ssl_error_log
  LogLevel warn
  TransferLog /var/log/apache/www.newharvestchristians.org-ssl_access_log
  SSLEngine on

  SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  SSLCertificateFile /etc/apache/ssl.crt/newharvestchristians.cert
  SSLCertificateKeyFile /etc/apache/ssl.key/newharvestchristians.key
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>

  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0
  LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" 
\"%{User-Agent}i\"" combined
  CustomLog /var/log/apache/www.newharvestchristians.org-ssl_access_log 
combined

</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to