Posted to users@httpd.apache.org by Marek Šabo <ms...@buk.cvut.cz> on 2009/10/03 13:01:31 UTC

[users@httpd] Problem with cert of *443 VirtualHost

Hi all,

I would like to ask anyone if he ran in this issue before posting 
configurations.
I configured default virtualhost with both 80 and ssl 443 listeners 
(works). I configured two other vhosts with rewrites from 80 to 443 
(webmail and other system) but only one is working as expected. Although 
the webmail has a ssl access and works, I got certificate errors from 
browser. I can live with not trusted CA, but I saw there

localhost
Apache HTTP Server
Test Certificate

which produces errors about hostname mismatch and expiry. I couldn't 
google anything about this because localhost apache and ssl are very 
common keywords for howtos.

Thanks for any ideas and I'm glad to join this list, regards,

-- 
Marek Šabo
Server Manager
Club SU CVUT Buben
Bubenečská Kolej (421)
XMPP: zeratul021@gmail.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Problem with cert of *443 VirtualHost

Posted by Marek Šabo <ms...@buk.cvut.cz>.
Serge Fonville wrote:
> Hi,
>
>     > yes every virtual host lists the sslengine on and etc routines and
>     > namevirtualhost on 443 is enabled in default config.
>     > My webmail config is nearly similar at least similar in ssl
>     configuration
>     > part and I don't understand from where it gets that apache test
>     cert.
>
>     You can't have namevirtualhost with SSL. (yet). This page explains
>     why:
>     http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
>
>
> Used virtualdocumentroot to resolve this
> VirtualDocumentRoot C:/ProgramData/htdocs/%0
> Combined with subjectaltname in the certificate.
> This resolved it for me
> But you'll have to add the Root Certificate to all clients in their 
> trusted store
> For an internetfacing webserver, probably too bad.
> Since I can't think of CA that allows this
>
> HTH
>
> Regards,
>
> Serge Fonville
>
> -- 
> http://www.sergefonville.nl
>
> Convince Google!!
> They need to support Adsense over SSL
> https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528 
> <https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528>
> http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en 
> <http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en>
Hey,

thanks for suggestion, so you've already set up multiple ssl vhosts on 
one machine?
I need exactly that, my predecessor managed that on old apache server but 
with upgrade it fell down so I have to rewrite configs, e.g. have 
webmail and webmin ssl-ed on one host. From what I can think of now, I 
could do that with relative path at the end of URL and use mod_rewrite 
to rewrite webmail.domain.cz to domain.cz/webmail with domain.cz ssl-ed 
(same for webmin). If you have other workaround, could you please submit 
sample config?

Thanks & regards

-- 
Marek Šabo
Chief Server Manager
Club SU CVUT Buben
Bubenečská Kolej
Terronská 28, Prague 16000
XMPP: zeratul021@gmail.com


Re: [users@httpd] Problem with cert of *443 VirtualHost

Posted by Serge Fonville <se...@gmail.com>.
Hi,

> > yes every virtual host lists the sslengine on and etc routines and
> > namevirtualhost on 443 is enabled in default config.
> > My webmail config is nearly similar at least similar in ssl configuration
> > part and I don't understand from where it gets that apache test cert.
>
> You can't have namevirtualhost with SSL. (yet). This page explains why:
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2


Used virtualdocumentroot to resolve this
VirtualDocumentRoot C:/ProgramData/htdocs/%0
Combined with subjectaltname in the certificate.
This resolved it for me
But you'll have to add the Root Certificate to all clients in their trusted
store
For an internetfacing webserver, probably too bad.
Since I can't think of CA that allows this

HTH

Regards,

Serge Fonville

-- 
http://www.sergefonville.nl

Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en

Re: [users@httpd] Problem with cert of *443 VirtualHost

Posted by Marek Šabo <ms...@buk.cvut.cz>.
Krist van Besien wrote:
> On Sun, Oct 4, 2009 at 3:04 AM, Marek Šabo <ms...@buk.cvut.cz> wrote:
>
>   
>> yes every virtual host lists the sslengine on and etc routines and
>> namevirtualhost on 443 is enabled in default config.
>> My webmail config is nearly similar at least similar in ssl configuration
>> part and I don't understand from where it gets that apache test cert.
>>     
>
> You can't have namevirtualhost with SSL. (yet). This page explains why:
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
>
>
> Krist
>
>
>
>   
Thanks,

I've already run into it and I understand the issue more properly so now 
I'm trying to figure the best workaround for my setup.

Regards

-- 
Marek Šabo
Chief Server Manager
Club SU CVUT Buben
Bubenečská Kolej
Terronská 28, Prague 16000
XMPP: zeratul021@gmail.com


Fwd: [users@httpd] Problem with cert of *443 VirtualHost

Posted by Eric Covener <co...@gmail.com>.
link below needs SNI info!


---------- Forwarded message ----------
From: Krist van Besien <kr...@gmail.com>
Date: Mon, Oct 5, 2009 at 5:54 AM
Subject: Re: [users@httpd] Problem with cert of *443 VirtualHost
To: users@httpd.apache.org


On Sun, Oct 4, 2009 at 3:04 AM, Marek Šabo <ms...@buk.cvut.cz> wrote:

> yes every virtual host lists the sslengine on and etc routines and
> namevirtualhost on 443 is enabled in default config.
> My webmail config is nearly similar at least similar in ssl configuration
> part and I don't understand from where it gets that apache test cert.

You can't have namevirtualhost with SSL. (yet). This page explains why:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2


Krist



--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?





-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Re: [users@httpd] Problem with cert of *443 VirtualHost

Posted by Krist van Besien <kr...@gmail.com>.
On Sun, Oct 4, 2009 at 3:04 AM, Marek Šabo <ms...@buk.cvut.cz> wrote:

> yes every virtual host lists the sslengine on and etc routines and
> namevirtualhost on 443 is enabled in default config.
> My webmail config is nearly similar at least similar in ssl configuration
> part and I don't understand from where it gets that apache test cert.

You can't have namevirtualhost with SSL. (yet). This page explains why:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2


Krist



-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?



Re: [users@httpd] Problem with cert of *443 VirtualHost

Posted by Marek Šabo <ms...@buk.cvut.cz>.
Hi,

yes every virtual host lists the sslengine on and etc routines and 
namevirtualhost on 443 is enabled in default config.
My webmail config is nearly similar at least similar in ssl 
configuration part and I don't understand from where it gets that apache 
test cert.


Crypto Sal wrote:
> On 10/03/2009 07:01 AM, Marek Šabo wrote:
>> Hi all,
>>
>> I would like to ask anyone if he ran in this issue before posting 
>> configurations.
>> I configured default virtualhost with both 80 and ssl 443 listeners 
>> (works). I configured two other vhosts with rewrites from 80 to 443 
>> (webmail and other system) but only one is working as expected. 
>> Although the webmail has a ssl access and works, I got certificate 
>> errors from browser. I can live with not trusted CA, but I saw there
>>
>> localhost
>> Apache HTTP Server
>> Test Certificate
>>
>> which produces errors about hostname mismatch and expiry. I couldn't 
>> google anything about this because localhost apache and ssl are very 
>> common keywords for howtos.
>>
>> Thanks for any ideas and I'm glad to join this list, regards,
>>
>
>
> Marek,
>
>
> Do the other vhosts list the SSL Directives or is only the default?
>

-- 
Marek Šabo
Server Manager
Club SU CVUT Buben
Bubenečská Kolej (421)
XMPP: zeratul021@gmail.com




Re: [users@httpd] Problem with cert of *443 VirtualHost

Posted by Crypto Sal <cr...@gmail.com>.
On 10/03/2009 07:01 AM, Marek Šabo wrote:
> Hi all,
>
> I would like to ask anyone if he ran in this issue before posting 
> configurations.
> I configured default virtualhost with both 80 and ssl 443 listeners 
> (works). I configured two other vhosts with rewrites from 80 to 443 
> (webmail and other system) but only one is working as expected. 
> Although the webmail has a ssl access and works, I got certificate 
> errors from browser. I can live with not trusted CA, but I saw there
>
> localhost
> Apache HTTP Server
> Test Certificate
>
> which produces errors about hostname mismatch and expiry. I couldn't 
> google anything about this because localhost apache and ssl are very 
> common keywords for howtos.
>
> Thanks for any ideas and I'm glad to join this list, regards,
>


Marek,


Do the other vhosts list the SSL Directives or is only the default?
