https and virtual hosts problem
This is a discussion on https and virtual hosts problem within the Apache Web Server forums, part of the Web Server and Related Forums category; I have two sites running on my Apache2 server, acme.com & example.com Acme.com has SSL enabled as ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-06-2007
|
|||
|
|||
https and virtual hosts problem
I have two sites running on my Apache2 server, acme.com & example.com
Acme.com has SSL enabled as it provides an https payment gateway. Example.com is http only. I have configured them as follows: /etc/apache2/sites-enabled/acme <VirtualHost 192.168.1.6:80> ServerName www.acme.com ServerAlias acme.com DocumentRoot /var/www/acme ErrorLog /var/log/apache2/acme-error.log CustomLog /var/log/apache2/acme-access.log combined </VirtualHost> <VirtualHost 192.168.1.6:443> ServerName www.acme.com ServerAlias acme.com DocumentRoot /var/www/acme ErrorLog /var/log/apache2/acme-error.log CustomLog /var/log/apache2/acme-access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/ssl.crt/www.acme.com.crt SSLCertificateKeyFile /etc/apache2/ssl/ssl.key/www.acme.com.key </VirtualHost> /etc/apache2/sites-enabled/example NameVirtualHost www.example.com:80 <VirtualHost www.example.com:80> ServerName www.example.com ServerAlias example.com DocumentRoot /var/www/example ErrorLog /var/log/apache2/example-error.log CustomLog /var/log/apache2/example-access.log combined </VirtualHost> http://www.acme.com - works fine https://www.acme.com - works fine http://www.example.com - works fine https://www.example.com - redirects me to https://www.acme.com! How do I avoid this happening? Many thanks |
|
07-14-2007
|
|||
|
|||
|
Re: https and virtual hosts problem
Davide Bianchi wrote:
> On 2007-05-06, egod <egoduk@NOSPAM_hotmail.com> wrote: > >>http://www.acme.com - works fine >>https://www.acme.com - works fine >>http://www.example.com - works fine >> >>https://www.example.com - redirects me to https://www.acme.com! >>How do I avoid this happening? > > > You can define another ssl-enabled site for www.example.com and > handle it there, but you always will receive a message that the > certificate is for the wrong server. Is the way the https protocol > works. Or you could use two different IP addresses for the two > site. That would take care of everything. > > Davide > The reason being that the https server doesnt know what the v1.1 http header looks like until AFTER it has been unscrambled - which can only be done within the defined virtual host - by which time its too late. You might like to experiment to find out, but I think the https server is doing what its doing because its the ONLY secure server at that address. The results look completely predictable to me. I read recently somewhere in the Apache documantation that its not possible to create multiple virtual https hosts on the same machine using the same port. So .. either buy another IP address .. or use another port. If you want, I will try to locate the link for you Regards Frederick |
|
07-15-2007
|
|||
|
|||
|
Re: https and virtual hosts problem
Frederick Smith wrote:
<snip> > The reason being that the https server doesnt know what the v1.1 http > header looks like until AFTER it has been unscrambled - which can only > be done within the defined virtual host - by which time its too late. > > You might like to experiment to find out, but I think the https server > is doing what its doing because its the ONLY secure server at that > address. The results look completely predictable to me. > > I read recently somewhere in the Apache documantation that its not > possible to create multiple virtual https hosts on the same machine > using the same port. So .. either buy another IP address .. or use > another port. If you want, I will try to locate the link for you > There is an exception to this. A wildcard certificate for *.domain.com will enable you to do https for multiple virtual hosts on the same port. This is because they all use the same certificate. Jim |
|
07-15-2007
|
|||
|
|||
|
Re: https and virtual hosts problem
"Jim Hayter" <see.reply.to@nowhere.invalid> schreef in bericht
news:139j9jl7ubok2dc@news.supernews.com... >> I read recently somewhere in the Apache documantation that its not >> possible to create multiple virtual https hosts on the same machine >> using the same port. So .. either buy another IP address .. or use >> another port. If you want, I will try to locate the link for you > > There is an exception to this. A wildcard certificate for *.domain.com > will enable you to do https for multiple virtual hosts on the same port. > This is because they all use the same certificate. > Given the domains www.acme.com and www.example.com a wildcard certificate won't do the tric. OP may try his luck with SubjectAltName-support http://wiki.cacert.org/wiki/VhostTaskForce http://www.entrust.net/ssl-products.htm http://issues.apache.org/bugzilla/show_bug.cgi?id=34607 Might need to use mod_gnuls in stead of mod_ssl. Might need to merge all sites into a single virtual host, by using a server alias for each one, and revirtualize them by other means then apache vhostting ... HansH |
Linear Mode
