Virtual hosts and SSL?

Hello

I'm trying to setup this apache 1.3 server for virtual hosts, with
ssl. I've got the normal port 80 working, but the SSL is a bit of a
mess.

If I have the SSL pages in the real part of the server, ie,
https://www.example.com/fred/index.htm then they work, but if they're
in the virtual part: https://www.example1.com/fred/index.htm then I
get a 404 - File not found error.

If I do a symbolic link to the pages in the real part of the server
then they work when using a virtual address.
ln -s /httpd/html/fred /httpd/example1/fred

I have set the virtual hosts as these (I've cut out the irelivant
settings)

UseCanonicalName Off

NameVirtualHost 10.10.32.11:80
NameVirtualHost 192.168.1.100:443

<VirtualHost 10.10.32.11:80>
ServerName example1.com
DocumentRoot /httpd/example1
</virtualHost>

<VirtualHost 10.10.32.11:80>
ServerName example2.com
DocumentRoot /httpd/example2
</virtualHost>

<VirtualHost 192.168.1.100:443>
ServerName example1.com
Port 443
DocumentRoot /httpd/example1
</VirtualHost>

<VirtualHost 192.168.1.100:443>
ServerName example2.com
Port 443
DocumentRoot /httpd/example2
</VirtualHost>

The 10.10.32.11 is the servers real IP address, the 192.168.1.100 is
an alias:

/sbin/ifconfig eth0:0 192.168.1.100
/sbin/route add -host 192.168.1.100 eth0:0

The server is behind a firewall and NAT is used to access it from the
outside.

I don't want a certificate or anything, and can put up with the
warning message from the browser, But I do want a secure connection
for people to login with.

The rest of the settings for the SSL part in the httpd.conf havn't
been changed.

Can anyone help

Thanks.
--
Karl McAuley
mailto:karl_mcauley@yahoo.com
http://www.g7smy.f9.co.uk
Remove *NOSPAM* in address when replying

> I'm trying to setup this apache 1.3 server for virtual hosts, with
> ssl. I've got the normal port 80 working, but the SSL is a bit of a
> mess.
[cut]
> <VirtualHost 192.168.1.100:443>
> ServerName example1.com
> Port 443
> DocumentRoot /httpd/example1
> </VirtualHost>
>
> <VirtualHost 192.168.1.100:443>
> ServerName example2.com
> Port 443
> DocumentRoot /httpd/example2
> </VirtualHost>
AFAIK you can only have _one_ ssl virtual-host per ip-port combination.

> I don't want a certificate or anything, and can put up with the
> warning message from the browser, But I do want a secure connection
> for people to login with.
How is the server supposed to do encryption without a certificate?


Martin

"Mary Pegg" <nospam@widetrouser.freeserve.co.uk> skrev i en meddelelse
news:JNdRa.10430$ju6.199123@newsfep4-glfd.server.ntli.net...
> > AFAIK you can only have _one_ ssl virtual-host per ip-port combination.
>
> Are you sure? Anybody else?
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47


Martin

Martin C. Petersen wrote:

> "Mary Pegg" <nospam@widetrouser.freeserve.co.uk> skrev i en meddelelse
> news:JNdRa.10430$ju6.199123@newsfep4-glfd.server.ntli.net...
>> > AFAIK you can only have _one_ ssl virtual-host per ip-port combination.
>>
>> Are you sure? Anybody else?
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

Many thanks for the swift response. You've saved me from wasting
yet more time on trying to implement the impossible.

There's a cold beer for you in Cambridge, England...

On Wed, 16 Jul 2003, Mary Pegg wrote:
> Martin C. Petersen wrote:
>
> > AFAIK you can only have _one_ ssl virtual-host per ip-port combination.
>
> Are you sure? Anybody else?

This is basically true.

There is a way to have more than one virtual-host under an IP/port, but ALL
such virtual hosts must then SHARE the same certificate(s). Whether or not the
SSL system will accept this is another issue - and it will probably depend on
having multiple "common name" fields (if possible) or domains that are all
sub-domains of the same master domain name. That is an issue outside of the
web server program itself.

The reason for this is that the encryption occurs before the request is
received - and only from the request can one determine which virtual host the
request is for.