This is a discussion on Please help! Mixing named virtual host and ip-based SSL within the Apache Web Server forums, part of the Web Server and Related Forums category.
Hi,

I have read a lot of topics and I couldn't resolve the issue I have with my apache-ssl-virtualhost configuration! I am running a few name-based virtual hosts on port 80 using a wildcard in the NameVirtualHost directive. I now want to add an SSL virtual host on port 443. I know that I can't have name-based virtual hosts with SSL. I just need the one and I have another IP for this. I created a self-signed certificate as mentioned in one of the documents.

When I try to browse the server, I get the "Page cannot be displayed" error. I do not see anything in the ssl_* logs. If I remove the "s" from https, I can access the page.

How do I find the cause of the error and correct it? Can anyone point me in the right direction?

Thanks,
Prince.

httpd.conf (only the portion related to the virtual hosts)
======================================================
NameVirtualHost 68.yy.yy.yy1:80
NameVirtualHost 68.yy.yy.yy2:80

<VirtualHost \
    68.yy.yy.yy1:80 \
    68.yy.yy.yy2:80 \
>
    VirtualDocumentRoot /var/www/html/%0
    VirtualScriptAlias /var/www/cgi-bin/%0
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost 69.xx.xx.xx:443>
    ServerName www.xxx.com
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    UseCanonicalName Off
    DocumentRoot /var/www/html
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    <Directory />
        SSLRequireSSL
        Options FollowSymLinks
        AllowOverride None
    </Directory>
</VirtualHost>
</IfModule>
========================== end httpd.conf==============================

------------ verify ssl connection from command prompt ------------
% openssl s_client -connect 69.xx.xx.xx:443
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=San Jose/O=...
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=California/L=San Jose/O=....
verify error:num=7:certificate signature failure
verify return:1
depth=0 /C=US/ST=California/L=San Jose/O=...
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=San Jose/O=Resoft Corporation/CN=www.reinfosolutions.com/Email=sys-admin@resoftcorp.com
   i:/C=US/ST=California/L=San Jose/O=Resoft Corporation/CN=www.reinfosolutions.com/Email=sys-admin@resoftcorp.com
....
....
....
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Jose/O=...
issuer=/C=US/ST=California/L=San Jose/O=...
---
No client certificate CA names sent
---
SSL handshake has read 1211 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 534ABFAC5580527215559097FF2E83EF2D4E4B2057DC08FE0E DF2D2FEC735A5E145D29683184 7D3B13862FD30B21BBD3
    Key-Arg   : None
    Start Time: 1068623129
    Timeout   : 300 (sec)
    Verify return code: 7 (certificate signature failure)
---
GET / HTTP/1.0

HTTP/1.1 403 Forbidden
Date: Wed, 12 Nov 2003 08:02:17 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Accept-Ranges: bytes
Content-Length: 2898
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Test Page for the Apache Web Server on Red Hat Linux</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY BGCOLOR="#FFFFFF">
<H1 ALIGN="CENTER">Test Page</H1>
This page is used to test the proper operation of the Apache Web server after it has been installed. If you can read this page, it means that the Apache Web server installed at this site is working properly.
<HR WIDTH="50%">
....
....
....
<P ALIGN="CENTER">
<A HREF="http://www.apache.org/"><IMG SRC="/icons/apache_pb.gif" ALT="[ Powered by Apache ]"></A>
</P>
<P>
You are free to use the image below on a Red Hat Linux-powered Web server. Thanks for using Red Hat Linux!
</P>
<P ALIGN="center">
<A HREF="http://www.redhat.com/"><IMG SRC="/icons/powered_by.gif" ALT="[ Powered by Red Hat Linux ]"></A>
</P>
</BODY>
</HTML>
read:errno=0
>I now want to add an SSL virtual host on port 443.
>I know that I can't have name-based virtual hosts with SSL.

You can have 1 (ONE and only one) SSL virtual host on port 443 with name-based virtual hosting.

OR, you can have many SSL virtual hosts with name-based virtual hosting if you use different ports for each one of those SSL virtual hosts, while having them all on the same IP.

DeveloperSide.NET
http://www.devside.net
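An added example, not part of either post: a Python helper that reads an `openssl s_client` transcript like the one in the question and reports what it shows at the TCP, TLS, certificate-verification and HTTP layers, so each can be checked on its own. The function name `triage` and the sample transcript (abridged from the question, subject shortened to a placeholder) are assumptions made for this example.

```python
import re

# Constructed sample: abridged from the s_client output in the question,
# with the certificate subject shortened to a placeholder.
SAMPLE = """\
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=San Jose/O=Example
verify error:num=18:self signed certificate
verify error:num=7:certificate signature failure
verify return:1
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Verify return code: 7 (certificate signature failure)
---
GET / HTTP/1.0

HTTP/1.1 403 Forbidden
Server: Apache/2.0.40 (Red Hat Linux)
"""

def triage(transcript):
    """Report what an s_client transcript shows at each layer (hypothetical helper)."""
    cipher = re.search(r"^\s*Cipher\s*:\s*(\S+)", transcript, re.M)
    code = re.search(r"Verify return code:\s*(\d+)", transcript)
    status = re.search(r"^HTTP/\d\.\d\s+(\d{3})", transcript, re.M)
    found = {
        "tcp_connected": "CONNECTED(" in transcript,
        # A failed handshake leaves the session cipher as "0000" or "(NONE)".
        "tls_handshake": bool(cipher) and cipher.group(1) not in ("0000", "(NONE)"),
        "cipher": cipher.group(1) if cipher else None,
        "verify_errors": [(int(n), msg.strip()) for n, msg in
                          re.findall(r"verify error:num=(\d+):(.+)", transcript)],
        "verify_code": int(code.group(1)) if code else None,
        "http_status": int(status.group(1)) if status else None,
    }
    # First layer that did not succeed. Certificate verification is reported
    # separately because s_client continues past verify errors by default.
    if not found["tcp_connected"]:
        found["first_failure"] = "tcp"
    elif not found["tls_handshake"]:
        found["first_failure"] = "tls"
    elif found["http_status"] is None or found["http_status"] >= 400:
        found["first_failure"] = "http"
    else:
        found["first_failure"] = None
    return found
```

Calling `triage(SAMPLE)` returns a dictionary; `first_failure` names the lowest layer that did not succeed, and `verify_errors` lists the certificate findings independently of it.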