Virtual Hosts + SSL Certificates

Dev Shed Forums Sponsor:

January 20th, 2002, 06:23 AM

_8of9_

Junior Member

Join Date: Jan 2002

Posts: 2

Time spent in forums: < 1 sec
Reputation Power: 0

Virtual Hosts + SSL Certificates

I am running virtual hosts on Apache 1.3.22 + mod_ssl 2.8.5. I can access http and https for each virtual host with no problem. However it seems that when I access https, all the virtual hosts are using the SSL certificate for the default https virtual host instead of their own. Does anyone have any tips? My httpd.conf is basically:

..
NameVirtualHost *:443

<VirtualHost *:443>
ServerName ... (for default server)
..
SSLCertificateFile ... (for default server)
SSLCertificateKey ... (for default server)
SSLCertificateChainFile ... (for default server)
SSLCACertificateFile ... (for default server)
..
</VirtualHost>

<VirtualHost *:443>
ServerName ... (for Virtual Host #1)
..
SSLCertificateFile ... (for Virtual Host #1)
SSLCertificateKey ... (for Virtual Host #1)
SSLCertificateChainFile ... (for Virtual Host #1)
SSLCACertificateFile ... (for Virtual Host #1)
..
</VirtualHost>

<VirtualHost *:443>
ServerName ... (for Virtual Host #2)
..
SSLCertificateFile ... (for Virtual Host #2)
SSLCertificateKey ... (for Virtual Host #2)
SSLCertificateChainFile ... (for Virtual Host #2)
SSLCACertificateFile ... (for Virtual Host #2)
..
</VirtualHost>

..

January 20th, 2002, 04:35 PM

freebsd

Contributing User

Join Date: Jan 2001

Posts: 5

Time spent in forums: < 1 sec
Reputation Power: 0

You need to use IP-based vhost, not name-based. Right now no matter what you do (granting the cert even the CN mismatches), you will see ONLY your default site.

Start here -> http://forums.devshed.com/showthrea...5642&forumid=15

January 21st, 2002, 02:15 AM

_8of9_

Junior Member

Join Date: Jan 2002

Posts: 2

Time spent in forums: < 1 sec
Reputation Power: 0

Thank you very much for your reply.

This kinda creates a dilemma because this is for use on a developmental server with only 1 dynamic IP. Do you have any suggestions or should I just not bother with it since it's only for developmental purposes?

January 21st, 2002, 08:04 AM

freebsd

Contributing User

Join Date: Jan 2001

Posts: 5

Time spent in forums: < 1 sec
Reputation Power: 0

>> since it's only for developmental purposes?

Then just forget using SSL for non-default site.

>> with only 1 dynamic IP

Then it's just technical impossible.
When you only have one IP (static or dynamic), you can create as many certs with different CN for different protocol. Say your system hostname is mail.domain.com, www.domain.com happens to have an A record that points to the same IP as mail.domain.com. You then can make multiple certs, one of www and one for mail. But you just CAN'T use both www and mail for the same protocol. Though, you can use CN of www.domain.com for Apache and mail.domain.com for smtp/imap/pop over TLS.

Viewing: Dev Shed Forums > System Administration > Apache Development > Virtual Hosts + SSL Certificates

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump