Configuring Apache for two SSL sites

I'm currently trying to set up two different websites for my company
and both will be using SSL. I'm using Websphere 5.0 and IHS server.
I set up the first site using the default port 443 and it works just
fine. I'm having trouble, though with the second SSL site. I'm
trying to use aliases to separate the site since I don't want to
redirect the actual domain names while testing. For instance, my
first test site is as follows:

https://lab-server/firstsite

The site comes up comes up just fine.

But the second site has a problem when set up to use a different port
(490).

https://lab-server:490/secondsite - but I keep getting 404 errors.

I realize that once this goes live it will be https://firstsite.com
and https://secondsite.com but I'm trying to set it up this way for
testing. So my questions are:

- can you set up more than one site which use ssl on the same server
(IHS or Apache in this case)
- If so, what is the best way to go about setting this up in a test
environment.
- how do I set up an alias which websphere can run jsp files and IHS
static files.
- Any, absolutely ANY, insight would be appreciated.

Mac wrote:
> I'm currently trying to set up two different websites for my company
> and both will be using SSL. I'm using Websphere 5.0 and IHS server.
> I set up the first site using the default port 443 and it works just
> fine. I'm having trouble, though with the second SSL site. I'm
> trying to use aliases to separate the site since I don't want to
> redirect the actual domain names while testing. For instance, my
> first test site is as follows:

AFAIK it' s not possible to share one IP adress for more than one SSL
site. You need one IP per certificate.

Possible Solution would be one SSL site with aliases to the directories
of your 2 sites.

For instance: https://sslhost/site1 and http://sslhost/site2

Please would somebody correct me if I am wrong.

you could try:

https://www.domain.co.uk/ which listens on port 443
https://www.domain2.co.uk:444/ which listens on port 444

as I have this same kind of setup for a customer and works :)

"Mario Schmidt" <mario.schmidt-nojunkmail@mediavillage.de> wrote in message news:3f8c5408$0$15694$9b622d9e@news.freenet.de...
> Mac wrote:
> > I'm currently trying to set up two different websites for my company
> > and both will be using SSL. I'm using Websphere 5.0 and IHS server.
> > I set up the first site using the default port 443 and it works just
> > fine. I'm having trouble, though with the second SSL site. I'm
> > trying to use aliases to separate the site since I don't want to
> > redirect the actual domain names while testing. For instance, my
> > first test site is as follows:
>
> AFAIK it' s not possible to share one IP adress for more than one SSL
> site. You need one IP per certificate.
>
> Possible Solution would be one SSL site with aliases to the directories
> of your 2 sites.
>
> For instance: https://sslhost/site1 and http://sslhost/site2
>
> Please would somebody correct me if I am wrong.
>

Webmaster (Nemesis Services) wrote:

> you could try:
>
> https://www.domain.co.uk/ which listens on port 443
> https://www.domain2.co.uk:444/ which listens on port 444
>
> as I have this same kind of setup for a customer and works :)

AFAIK you have to use your own singed certificates, then. Trusted
Signers only care about the IP Adress. So you need one IP for each SSL
Host. This IP can be used for other Domains, too. But not for more than
one SSL Host each.

EHH NOOO Trusted Signers do NOT care about the IP Address




"Mario Schmidt" <mario.schmidt-nojunkmail@mediavillage.de> wrote in message news:3f8d318f$0$12476$9b622d9e@news.freenet.de...
> Webmaster (Nemesis Services) wrote:
>
> > you could try:
> >
> > https://www.domain.co.uk/ which listens on port 443
> > https://www.domain2.co.uk:444/ which listens on port 444
> >
> > as I have this same kind of setup for a customer and works :)
>
> AFAIK you have to use your own singed certificates, then. Trusted
> Signers only care about the IP Adress. So you need one IP for each SSL
> Host. This IP can be used for other Domains, too. But not for more than
> one SSL Host each.
>

Webmaster (Nemesis Services) wrote:

> EHH NOOO Trusted Signers do NOT care about the IP Address

VeriSign told me another story.

Why not use aliasmatch and scriptaliasmatch in your apache ssl
configuration, (for lab-server), this way, you can sub the cert properly
without port changes.

AliasMatch ^/lab-server/seconsite/(.*)
/home/virtual/secondsite/var/www/html/$1
ScriptAliasMatch ^/secondsite/cgi-bin/(.*)
/home/virtual/secondsite/var/www/cgi-bin/$1

This way
https://lab-server/secondsite/blah should work using the same
certificate and port. I run 12 domains like this under one cert. You
can put as many aliases as you have requirements for.

Mac wrote:
> I'm currently trying to set up two different websites for my company
> and both will be using SSL. I'm using Websphere 5.0 and IHS server.
> I set up the first site using the default port 443 and it works just
> fine. I'm having trouble, though with the second SSL site. I'm
> trying to use aliases to separate the site since I don't want to
> redirect the actual domain names while testing. For instance, my
> first test site is as follows:
>
> https://lab-server/firstsite
>
> The site comes up comes up just fine.
>
> But the second site has a problem when set up to use a different port
> (490).
>
> https://lab-server:490/secondsite - but I keep getting 404 errors.
>
> I realize that once this goes live it will be https://firstsite.com
> and https://secondsite.com but I'm trying to set it up this way for
> testing. So my questions are:
>
> - can you set up more than one site which use ssl on the same server
> (IHS or Apache in this case)
> - If so, what is the best way to go about setting this up in a test
> environment.
> - how do I set up an alias which websphere can run jsp files and IHS
> static files.
> - Any, absolutely ANY, insight would be appreciated.

Why not use aliasmatch and scriptaliasmatch in your apache ssl
configuration, (for lab-server), this way, you can sub the cert properly
without port changes.

AliasMatch ^/secondsite/(.*) /home/virtual/secondsite/var/www/html/$1
ScriptAliasMatch ^/secondsite/cgi-bin/(.*)
/home/virtual/secondsite/var/www/cgi-bin/$1

This way
https://lab-server/secondsite/blah should work using the same
certificate and port. I run 12 domains like this under one cert. You
can put as many aliases as you have requirements for. Trying to
implement different ports for testing is asking for more trouble than
it's worth if you don't know apache and ssl like the back of your hand.
And I certainly don't, but I did stay at a Holiday Inn Express last night!

Mac wrote:

> I'm currently trying to set up two different websites for my company
> and both will be using SSL. I'm using Websphere 5.0 and IHS server.
I set up the first site using the default port 443 and it works just
> fine. I'm having trouble, though with the second SSL site. I'm
> trying to use aliases to separate the site since I don't want to
> redirect the actual domain names while testing. For instance, my
> first test site is as follows:
>
> https://lab-server/firstsite
>
> The site comes up comes up just fine.
>
> But the second site has a problem when set up to use a different port
> (490).
>
> https://lab-server:490/secondsite - but I keep getting 404 errors.
>
> I realize that once this goes live it will be https://firstsite.com
> and https://secondsite.com but I'm trying to set it up this way for
> testing. So my questions are:
>
> - can you set up more than one site which use ssl on the same server
> (IHS or Apache in this case)
> - If so, what is the best way to go about setting this up in a test
> environment.
> - how do I set up an alias which websphere can run jsp files and IHS
> static files.
> - Any, absolutely ANY, insight would be appreciated.

It's not the trusted signer that cares about the IP address per ssl
connection, it's the protocol and limitations of ssl that do.


http://httpd.apache.org/docs/vhosts/name-based.html

Name-based virtual hosting is usually simpler, since you need only
configure your DNS server to map each hostname to the correct IP address
and then configure the Apache HTTP Server to recognize the different
hostnames. Name-based virtual hosting also eases the demand for scarce
IP addresses. Therefore you should use name-based virtual hosting unless
there is a specific reason to choose IP-based virtual hosting. Some
reasons why you might consider using IP-based virtual hosting:

---------------------------------------------------------------------
->Name-based virtual hosting cannot be used with SSL secure servers
because of the nature of the SSL protocol.
---------------------------------------------------------------------


Mario Schmidt wrote:
> Webmaster (Nemesis Services) wrote:
>
>> EHH NOOO Trusted Signers do NOT care about the IP Address
>
>
> VeriSign told me another story.
>

> VeriSign told me another story.

Arghhhh... get away from those people and start using a real c/s entity.
(they're always fos!).

They are the equivalent of al-quaida on internet.