[thelist] Apache/SSL Question

rabbit at poorrabbit.com rabbit at poorrabbit.com
Thu Oct 31 11:55:01 CST 2002


What you probably want to do is name based virtual hosting.
like so:
where xx.xx.xx.xx is your IP address

NameVirtualHost xx.xx.xx.xx
NameVirtualHost xx.xx.xx.xx:443

<VirtualHost xx.xx.xx.xx:443>
ServerName secure.stinkmachine.com
SSLEngine On
SSLCertificateFile conf/ssl/my-server.cert
SSLCertificateKeyFile conf/ssl/my-server.key
DocumentRoot c:/wwwroot/core/stinkmachine/checkout
</VirtualHost>

If you wanted a second secure site:

<VirtualHost xx.xx.xx.xx:443>
ServerName secure2.stinkmachine.com
SSLEngine On
SSLCertificateFile conf/ssl/my-server2.cert
SSLCertificateKeyFile conf/ssl/my-server2.key
DocumentRoot c:/wwwroot/core/stinkmachine2/checkout
</VirtualHost>

By using the ServerName (or ServerAlias) directive, combined with
NameVirtualHost/VirtualHost directives, you can have multiple sites,
with different names and different doc roots that all have the same IP
address. If I'm not mistaken you can do this to have multiple SSL sites on
the same IP as well. SSL certs are tied to domain names, NOT ip addresses.

>
> Message: 13
> Date: Thu, 31 Oct 2002 07:01:21 -0800
> From: "Michael Buffington" <mike at mxdeveloper.com>
> To: thelist at lists.evolt.org
> Subject: RE: [thelist] Apache/SSL Question
> Reply-To: thelist at lists.evolt.org
>
> I actually just "rebuilt" my server on win32 to use the latest modssl
> (can't remember the version) with the newest possible Apache version that
> modssl supports (1.3.27).
>
> I'm still not able to get SSL to work. I'm getting an error in the
> SSL.log file saying:
>
> [warn]  Init: (12-231-153-25.client.attbi.com:443) RSA server certificate
> CommonName (CN) `secure.stinkmachine.com' does NOT match server name!?
>
> Now, I've just now realized that the error is actually a warning, but I'm
> still not able to connect to https://secure.stinkmachine.com
>
> I am able to connect to http://secure.stinkmachine.com:443
>
> Here's what my VirtualHost looks like for secure.stinkmachine.com:
>
> # see http://www.modssl.org/docs/2.4/ssl_reference.html for more info
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLSessionCache none
>
> SSLLog logs/SSL.log
> SSLLogLevel info
> # You can later change "info" to "warn" if everything is OK
>
> <VirtualHost secure.stinkmachine.com:443>
> SSLEngine On
> SSLCertificateFile conf/ssl/my-server.cert
> SSLCertificateKeyFile conf/ssl/my-server.key
>
> DocumentRoot c:/wwwroot/core/stinkmachine/checkout
> </VirtualHost>
>
> Any ideas?
>




More information about the thelist mailing list