Apache Development
 
#1  mjdawson5232, August 5th, 2001, 07:11 PM
Desperate!! SSL and non-SSL VirtualHost at the same IP

Thank you very much for your help!!!

I've been trying to set up an SSL and non-SSL VirtualHost at the same IP for the last 2 weeks without success. I'm including what I believe are the relevant portions of my httpd.conf file and server config. What am I missing here??

------------------------------------------------------------------------

Apache/1.3.20 (Unix) AuthMySQL/2.20 PHP/4.0.5 mod_ssl/2.8.4 OpenSSL/0.9.6a

------------------------------------------------------------------------

ServerType standalone
ServerRoot "/usr/local"
PidFile /var/run/httpd.pid

Port 80
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

User nobody
Group nobody

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

HostnameLookups Off

NameVirtualHost 68.121.21.226:80
NameVirtualHost 68.121.21.226:443

<VirtualHost URL>
DocumentRoot /usr/local/share/doc/apache/htdocs
ServerName URL
...
Redirect /secure URL
SSLDisable
</VirtualHost>
<VirtualHost 68.121.21.226:443>
DocumentRoot /usr/local/share/doc/apache/htdocs/secure
ServerName 68.121.21.226
...
SSLEnable
</VirtualHost>

Thx
Mike

#2  freebsd, August 6th, 2001, 12:20 AM

>> NameVirtualHost 68.121.21.226:80
>> NameVirtualHost 68.121.21.226:443

Have you specified a ServerName line globally? If so, and it's host.ip.com, then remove the NameVirtualHost lines above and change it to: NameVirtualHost *. Else, change it to: NameVirtualHost 68.121.21.226.

>> <VirtualHost www.ip.com:80>

Change to <VirtualHost *> or <VirtualHost 68.121.21.226>

>> Redirect /secure https://68.121.21.226:443

Change to Redirect /secure https://www.ip.com or preferably:

RewriteEngine on
RewriteRule ^secure(.*) https://www.ip.com$1 [R,L]

because a request of http://www.ip.com/secure/blahblah.html would redirect to https://www.ip.com/, not with the requested blahblah.html file as https://www.ip.com/blahblah.html.

>> SSLDisable

Comment out this line

>> <VirtualHost 68.121.21.226:443>

Use <VirtualHost _default_:443>

>> ServerName 68.121.21.226

Set it to www.ip.com

>> SSLEnable

Comment out this line

You should also have something like:

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/etc/apache/certs/server.cert
SSLCertificateKeyFile /usr/local/etc/apache/certs/server.key

Keep in mind, the cn (common name) MUST MATCH and be UNIQUE per IP.
You may generate a cert for host.ip.com, since you wanted it to be www.ip.com, so just generate a cert with the cn -- www.ip.com. If you set the ServerName for https to be the IP, then the cn doesn't match.

Last edited by freebsd : August 6th, 2001 at 12:24 AM.

#3  mjdawson5232, August 6th, 2001, 09:29 AM
Thanks for the reply, still need help!

I made changes to the httpd.conf file. Still doesn't work. Thank you very much for your help!!!!

ServerType standalone
ServerRoot "/usr/local"

Port 80
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

User nobody
Group nobody

NameVirtualHost 64.133.50.226

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
<Directory "/usr/local/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLVerifyClient 0


<VirtualHost URL>
DocumentRoot /usr/local/share/doc/apache/htdocs
ServerName URL
...
SSLDisable
</VirtualHost>


<VirtualHost URL>
DocumentRoot /usr/local/share/doc/apache/htdocs01
ServerName URL
...
RewriteEngine on
RewriteRule ^/restricted(.*) URL$1 [R,L]
SSLDisable
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot /usr/local/share/doc/apache/htdocs01/restricted
ServerName secure.ip2.com
...
SSLEnable
</VirtualHost>


<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/ssl_engine_log
SSLLogLevel info
</IfModule>

#4  freebsd, August 6th, 2001, 01:50 PM

Your cn must be www.ip1.com, not www.ip2.com and not secure.ip2.com.

>> RewriteRule ^/restricted(.*) https://secure.ip2.com$1 [R,L]

Should be written as:

RewriteRule ^restricted(.*) https://www.ip1.com$1 [R,L]

Keep in mind, you MUST use just one cert that matches your default host. Your default host, if it's configured inside <VirtualHost>, MUST be the first <VirtualHost> that appears in your httpd.conf (www.ip1.com in your case).

>> I made changes to the httpd.conf file. Still doesn't work

But you didn't follow my instructions exactly. And you keep saying it doesn't work. What doesn't work exactly?

1) What did you do?
2) What happened?
3) What did you expect to happen?

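An added example, not from any poster in this thread: a small Python check of the point both replies make, that the one certificate served on an IP:443 must carry the name clients actually reach it by. The sample config is constructed from the thread's placeholder hostnames, the certificate CN is passed in by hand (it can be read with `openssl x509 -noout -subject -in server.crt`), and the wildcard handling goes slightly beyond what the thread discusses.

```python
import re
# Constructed sample modelled on the thread's second httpd.conf (placeholder hostnames, assumed layout).
SAMPLE_CONF = """\
NameVirtualHost 64.133.50.226
<VirtualHost 64.133.50.226>
ServerName www.ip1.com
</VirtualHost>
<VirtualHost 64.133.50.226>
ServerName www.ip2.com
RewriteEngine on
RewriteRule ^/restricted(.*) https://secure.ip2.com$1 [R,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerName secure.ip2.com
SSLEngine on
</VirtualHost>
"""

def cn_matches(cn, host):
    """Exact match, or a leftmost-label wildcard CN such as *.ip2.com."""
    cn, host = cn.lower().rstrip("."), host.lower().rstrip(".")
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def https_names(conf):
    """Return (line_no, directive, host) for each name clients reach over HTTPS."""
    found, in_ssl_vhost = [], False
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:  # only vhosts bound to :443 present the certificate
            in_ssl_vhost = m.group(1).strip().endswith(":443")
        elif re.match(r"</VirtualHost>", line, re.I):
            in_ssl_vhost = False
        elif in_ssl_vhost and re.match(r"ServerName\s+\S", line, re.I):
            found.append((no, "ServerName", line.split()[1]))
        elif re.match(r"(Redirect|RewriteRule)\s", line, re.I):
            for host in re.findall(r"https://([^/:\s$]+)", line):
                found.append((no, line.split()[0], host))
    return found

def check_cn(conf, cert_cn):
    """Names the single certificate on this IP:443 does not cover."""
    return [n for n in https_names(conf) if not cn_matches(cert_cn, n[2])]

if __name__ == "__main__":
    for no, directive, host in check_cn(SAMPLE_CONF, "www.ip1.com"):
        print(f"line {no}: {directive} uses {host}, not covered by CN www.ip1.com")
```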