You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Gustavo A. Baratto" <gb...@superb.net> on 2003/07/28 18:11:11 UTC
Re: [users@httpd] IP Based Virtual Host
Hi Jonathan,
This solution doesn't work... if two domains are sharing the same IP,
the first one is going to be used for both sites... if you read the cert
when you go to https://www.domain2.com, you'll see that it the exactly
the same if you go to https://www.domain1.com, ie domain1.com.crt
If you put the virtualhost container of domain2.com before domain1.com,
the certs are going be domain2.com.crt
The data is being encrypted, but you users
Except if there is a new workaround that I'm not aware of, https can
just encrypt the headers if it finds the IP first...the old chicken and
problem.
Jonathan Hilgeman wrote:
> Hi,
>
> Yes, you can do this. I have a similar setup - I have one IP and several
> (about 50-80) domains all on name-based vhosting. Two of my domains are
> e-commerce stores and each have their own SSL certificate.
>
> Maybe my configuration file (using ModSSL) can help you. It's not perfect,
> but it works. My configuration looks something like:
>
> httpd.conf:
> --------------------------------
>
> .... all the regular stuff that's in httpd.conf ....
>
> <IfModule mod_ssl.c>
> SSLPassPhraseDialog builtin
> SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
> SSLSessionCacheTimeout 300
> SSLMutex file:/usr/local/apache/logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLLogLevel info
> SSLLog /usr/local/apache/logs/ssl_engine_log
> </IfModule>
>
> NameVirtualHost MY_IP_ADDRESS:443
>
> <VirtualHost MY_IP_ADDRESS:443>
> ServerAdmin webmaster@domain1.com
> DocumentRoot /www/sites/www.domain1.com
> ServerName domain1.com
> ServerAlias www.domain1.com
> SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain1.com.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.domain1.com.key
> <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/usr/local/apache/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0
> </VirtualHost>
>
> <VirtualHost MY_IP_ADDRESS:443>
> ServerAdmin webmaster@domain2.com
> DocumentRoot /www/sites/www.domain2.com
> ServerName domain2.com
> ServerAlias www.domain2.com
> SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain2.com.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.domain2.com.key
> <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/usr/local/apache/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0
> </VirtualHost>
>
> I hope this helps!
>
> - Jonathan
>
> ----- Original Message -----
> From: <ze...@ig.com.br>
> To: <us...@httpd.apache.org>
> Sent: Monday, July 28, 2003 1:41 PM
> Subject: [users@httpd] IP Based Virtual Host
>
>
>
>>I have 4 domains on the same server and just one external IP. Can I use
>
> ssl
>
>>with different certificates for each of the domains using name based
>
> vhosts?
>
>>I've tried to set my server with ip based virtual host but cannot make my
>>router forward the packets to the right ip. I've created one virtual ip
>
> for
>
>>each domain.
>>
>>Thanks,
>>
>>_________________________________________________________
>>Voce quer um iGMail protegido contra vírus e spams?
>>Clique aqui: http://www.igmailseguro.ig.com.br
>>Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
--
--------------------------------------------------------------------------
Gustavo Baratto - Programming and Technical Support
GBaratto@SUPERB.NET * (604) 638-2525 ext. 408
Technical support web-site: http://support.superb.net
Superb Internet Corp. "Ahead of the Rest"
-------------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP Based Virtual Host
Posted by Jonathan Hilgeman <jh...@red-tea-rooibos.com>.
D'oh! That's what I get for trying to be self-important. :) Sorry Gustavo -
I'll go sit in the corner and eat some humble pie for a while. I coulda
sworn... ah well.
- Jonathan
----- Original Message -----
From: "Zac Stevens" <zt...@cryptocracy.com>
To: <us...@httpd.apache.org>
Sent: Monday, July 28, 2003 5:26 PM
Subject: Re: [users@httpd] IP Based Virtual Host
> On Mon, Jul 28, 2003 at 05:16:21PM -0700, Jonathan Hilgeman wrote:
> > Not true - I have this working on my server. Each server has its own
> > certificate. The important thing is the domain names. If you have 1 IP,
then
> > you need to rely on the domain names. Apache will "select" the
virtualhost
> > that has a matching domain name.
>
> I'm afraid you're mistaken. SSL and HTTP/1.1 (ie, name-based) virtual
> hosts are fundamentally incompatible. For further details, take a look at
>
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
>
> Cheers,
>
>
> Zac
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP Based Virtual Host
Posted by Zac Stevens <zt...@cryptocracy.com>.
On Mon, Jul 28, 2003 at 05:16:21PM -0700, Jonathan Hilgeman wrote:
> Not true - I have this working on my server. Each server has its own
> certificate. The important thing is the domain names. If you have 1 IP, then
> you need to rely on the domain names. Apache will "select" the virtualhost
> that has a matching domain name.
I'm afraid you're mistaken. SSL and HTTP/1.1 (ie, name-based) virtual
hosts are fundamentally incompatible. For further details, take a look at
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
Cheers,
Zac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP Based Virtual Host
Posted by Zac Stevens <zt...@cryptocracy.com>.
On Mon, Jul 28, 2003 at 05:41:33PM -0700, Jonathan Hilgeman wrote:
> Eating pie is boring without reading material, so I might as well take the
> opportunity to learn more about the SSL process. Can anyone recommend some
> good material on understanding SSL, not necessarily in book form?
I'd suggest starting with the SSL/TLS Encryption guide in the Apache 2.0
documentation. It starts with a high-level explanation of the different
ways encryption can be applied to the problems SSL tries to solve, but
moves into detailed explanations with configuration examples:
http://httpd.apache.org/docs-2.0/ssl/
Definitely worth a look!
Zac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP Based Virtual Host
Posted by Jonathan Hilgeman <jh...@red-tea-rooibos.com>.
Eating pie is boring without reading material, so I might as well take the
opportunity to learn more about the SSL process. Can anyone recommend some
good material on understanding SSL, not necessarily in book form?
- Jonathan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP Based Virtual Host
Posted by "Gustavo A. Baratto" <gb...@superb.net>.
Well, I tried this... Used UseCanonicalName On, but still the second
virtualhost uses the cert of the first virtualhost... Except if there is
a new way of doing https handshake, ssl on name-based is technically
impossible... anybody else could see this working?
Jonathan Hilgeman wrote:
> Not true - I have this working on my server. Each server has its own
> certificate. The important thing is the domain names. If you have 1 IP, then
> you need to rely on the domain names. Apache will "select" the virtualhost
> that has a matching domain name.
>
> So if you go to https://www.domain2.com , Apache should basically look up
> the <VirtualHost> for domain1.com and see that the ServerName and
> ServerAlias are not domain2.com, and ignore it. Then it goes to the next
> <VirtualHost> and sees ServerName domain2.com and says, "Hey, this is the
> right virtual host, so I'll use the certificate listed here."
>
> Now, if you don't have the right configuration for domain2.com, then Apache
> might ignore it, too. If it can't find any other <VirtualHost> entries, THEN
> it will default to the first one. But if the <VirtualHost> entries are set
> up right, it should work fine. So double-check everything and make sure you
> have the ServerName and ServerAlias (optional) set up correctly.
>
> Just a side note - you should turn on "UseCanonicalName" if it is off. Just
> search for that in your httpd.conf and if you don't see it or if it's
> commented out, make sure it looks like:
>
> UseCanonicalName On
>
> - Jonathan
>
>
> ----- Original Message -----
> From: "Gustavo A. Baratto" <gb...@superb.net>
> To: <us...@httpd.apache.org>
> Sent: Monday, July 28, 2003 9:11 AM
> Subject: Re: [users@httpd] IP Based Virtual Host
>
>
>
>>Hi Jonathan,
>>
>>This solution doesn't work... if two domains are sharing the same IP,
>>the first one is going to be used for both sites... if you read the cert
>>when you go to https://www.domain2.com, you'll see that it the exactly
>>the same if you go to https://www.domain1.com, ie domain1.com.crt
>>
>>If you put the virtualhost container of domain2.com before domain1.com,
>>the certs are going be domain2.com.crt
>>
>>The data is being encrypted, but you users
>>
>>Except if there is a new workaround that I'm not aware of, https can
>>just encrypt the headers if it finds the IP first...the old chicken and
>>problem.
>>
>>
>>
>>Jonathan Hilgeman wrote:
>>
>>>Hi,
>>>
>>>Yes, you can do this. I have a similar setup - I have one IP and several
>>>(about 50-80) domains all on name-based vhosting. Two of my domains are
>>>e-commerce stores and each have their own SSL certificate.
>>>
>>>Maybe my configuration file (using ModSSL) can help you. It's not
>
> perfect,
>
>>>but it works. My configuration looks something like:
>>>
>>>httpd.conf:
>>>--------------------------------
>>>
>>>.... all the regular stuff that's in httpd.conf ....
>>>
>>><IfModule mod_ssl.c>
>>> SSLPassPhraseDialog builtin
>>> SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
>>> SSLSessionCacheTimeout 300
>>> SSLMutex file:/usr/local/apache/logs/ssl_mutex
>>> SSLRandomSeed startup builtin
>>> SSLRandomSeed connect builtin
>>> SSLLogLevel info
>>> SSLLog /usr/local/apache/logs/ssl_engine_log
>>></IfModule>
>>>
>>>NameVirtualHost MY_IP_ADDRESS:443
>>>
>>><VirtualHost MY_IP_ADDRESS:443>
>>> ServerAdmin webmaster@domain1.com
>>> DocumentRoot /www/sites/www.domain1.com
>>> ServerName domain1.com
>>> ServerAlias www.domain1.com
>>> SSLEngine on
>>> SSLCipherSuite
>>>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>> SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain1.com.crt
>>> SSLCertificateKeyFile
>
> /usr/local/apache/conf/ssl.key/www.domain1.com.key
>
>>> <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
>>> SSLOptions +StdEnvVars
>>> </Files>
>>> <Directory "/usr/local/apache/cgi-bin">
>>> SSLOptions +StdEnvVars
>>> </Directory>
>>> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>>>downgrade-1.0 force-response-1.0
>>></VirtualHost>
>>>
>>><VirtualHost MY_IP_ADDRESS:443>
>>> ServerAdmin webmaster@domain2.com
>>> DocumentRoot /www/sites/www.domain2.com
>>> ServerName domain2.com
>>> ServerAlias www.domain2.com
>>> SSLEngine on
>>> SSLCipherSuite
>>>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>> SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain2.com.crt
>>> SSLCertificateKeyFile
>
> /usr/local/apache/conf/ssl.key/www.domain2.com.key
>
>>> <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
>>> SSLOptions +StdEnvVars
>>> </Files>
>>> <Directory "/usr/local/apache/cgi-bin">
>>> SSLOptions +StdEnvVars
>>> </Directory>
>>> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>>>downgrade-1.0 force-response-1.0
>>></VirtualHost>
>>>
>>>I hope this helps!
>>>
>>>- Jonathan
>>>
>>>----- Original Message -----
>>>From: <ze...@ig.com.br>
>>>To: <us...@httpd.apache.org>
>>>Sent: Monday, July 28, 2003 1:41 PM
>>>Subject: [users@httpd] IP Based Virtual Host
>>>
>>>
>>>
>>>
>>>>I have 4 domains on the same server and just one external IP. Can I use
>>>
>>>ssl
>>>
>>>
>>>>with different certificates for each of the domains using name based
>>>
>>>vhosts?
>>>
>>>
>>>>I've tried to set my server with ip based virtual host but cannot make
>
> my
>
>>>>router forward the packets to the right ip. I've created one virtual ip
>>>
>>>for
>>>
>>>
>>>>each domain.
>>>>
>>>>Thanks,
>>>>
>>>>_________________________________________________________
>>>>Voce quer um iGMail protegido contra vírus e spams?
>>>>Clique aqui: http://www.igmailseguro.ig.com.br
>>>>Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>The official User-To-User support forum of the Apache HTTP Server
>
> Project.
>
>>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server
>
> Project.
>
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>--
>> ------------------------------------------------------------------------
>
> --
>
>> Gustavo Baratto - Programming and Technical Support
>> GBaratto@SUPERB.NET * (604) 638-2525 ext. 408
>>
>> Technical support web-site: http://support.superb.net
>> Superb Internet Corp. "Ahead of the Rest"
>> ------------------------------------------------------------------------
>
> -
>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
--
--------------------------------------------------------------------------
Gustavo Baratto - Programming and Technical Support
GBaratto@SUPERB.NET * (604) 638-2525 ext. 408
Technical support web-site: http://support.superb.net
Superb Internet Corp. "Ahead of the Rest"
-------------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP Based Virtual Host
Posted by Jonathan Hilgeman <jh...@red-tea-rooibos.com>.
Not true - I have this working on my server. Each server has its own
certificate. The important thing is the domain names. If you have 1 IP, then
you need to rely on the domain names. Apache will "select" the virtualhost
that has a matching domain name.
So if you go to https://www.domain2.com , Apache should basically look up
the <VirtualHost> for domain1.com and see that the ServerName and
ServerAlias are not domain2.com, and ignore it. Then it goes to the next
<VirtualHost> and sees ServerName domain2.com and says, "Hey, this is the
right virtual host, so I'll use the certificate listed here."
Now, if you don't have the right configuration for domain2.com, then Apache
might ignore it, too. If it can't find any other <VirtualHost> entries, THEN
it will default to the first one. But if the <VirtualHost> entries are set
up right, it should work fine. So double-check everything and make sure you
have the ServerName and ServerAlias (optional) set up correctly.
Just a side note - you should turn on "UseCanonicalName" if it is off. Just
search for that in your httpd.conf and if you don't see it or if it's
commented out, make sure it looks like:
UseCanonicalName On
- Jonathan
----- Original Message -----
From: "Gustavo A. Baratto" <gb...@superb.net>
To: <us...@httpd.apache.org>
Sent: Monday, July 28, 2003 9:11 AM
Subject: Re: [users@httpd] IP Based Virtual Host
> Hi Jonathan,
>
> This solution doesn't work... if two domains are sharing the same IP,
> the first one is going to be used for both sites... if you read the cert
> when you go to https://www.domain2.com, you'll see that it the exactly
> the same if you go to https://www.domain1.com, ie domain1.com.crt
>
> If you put the virtualhost container of domain2.com before domain1.com,
> the certs are going be domain2.com.crt
>
> The data is being encrypted, but you users
>
> Except if there is a new workaround that I'm not aware of, https can
> just encrypt the headers if it finds the IP first...the old chicken and
> problem.
>
>
>
> Jonathan Hilgeman wrote:
> > Hi,
> >
> > Yes, you can do this. I have a similar setup - I have one IP and several
> > (about 50-80) domains all on name-based vhosting. Two of my domains are
> > e-commerce stores and each have their own SSL certificate.
> >
> > Maybe my configuration file (using ModSSL) can help you. It's not
perfect,
> > but it works. My configuration looks something like:
> >
> > httpd.conf:
> > --------------------------------
> >
> > .... all the regular stuff that's in httpd.conf ....
> >
> > <IfModule mod_ssl.c>
> > SSLPassPhraseDialog builtin
> > SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
> > SSLSessionCacheTimeout 300
> > SSLMutex file:/usr/local/apache/logs/ssl_mutex
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> > SSLLogLevel info
> > SSLLog /usr/local/apache/logs/ssl_engine_log
> > </IfModule>
> >
> > NameVirtualHost MY_IP_ADDRESS:443
> >
> > <VirtualHost MY_IP_ADDRESS:443>
> > ServerAdmin webmaster@domain1.com
> > DocumentRoot /www/sites/www.domain1.com
> > ServerName domain1.com
> > ServerAlias www.domain1.com
> > SSLEngine on
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain1.com.crt
> > SSLCertificateKeyFile
/usr/local/apache/conf/ssl.key/www.domain1.com.key
> > <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
> > SSLOptions +StdEnvVars
> > </Files>
> > <Directory "/usr/local/apache/cgi-bin">
> > SSLOptions +StdEnvVars
> > </Directory>
> > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> > downgrade-1.0 force-response-1.0
> > </VirtualHost>
> >
> > <VirtualHost MY_IP_ADDRESS:443>
> > ServerAdmin webmaster@domain2.com
> > DocumentRoot /www/sites/www.domain2.com
> > ServerName domain2.com
> > ServerAlias www.domain2.com
> > SSLEngine on
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain2.com.crt
> > SSLCertificateKeyFile
/usr/local/apache/conf/ssl.key/www.domain2.com.key
> > <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
> > SSLOptions +StdEnvVars
> > </Files>
> > <Directory "/usr/local/apache/cgi-bin">
> > SSLOptions +StdEnvVars
> > </Directory>
> > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> > downgrade-1.0 force-response-1.0
> > </VirtualHost>
> >
> > I hope this helps!
> >
> > - Jonathan
> >
> > ----- Original Message -----
> > From: <ze...@ig.com.br>
> > To: <us...@httpd.apache.org>
> > Sent: Monday, July 28, 2003 1:41 PM
> > Subject: [users@httpd] IP Based Virtual Host
> >
> >
> >
> >>I have 4 domains on the same server and just one external IP. Can I use
> >
> > ssl
> >
> >>with different certificates for each of the domains using name based
> >
> > vhosts?
> >
> >>I've tried to set my server with ip based virtual host but cannot make
my
> >>router forward the packets to the right ip. I've created one virtual ip
> >
> > for
> >
> >>each domain.
> >>
> >>Thanks,
> >>
> >>_________________________________________________________
> >>Voce quer um iGMail protegido contra vírus e spams?
> >>Clique aqui: http://www.igmailseguro.ig.com.br
> >>Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/
> >>
> >>
> >>---------------------------------------------------------------------
> >>The official User-To-User support forum of the Apache HTTP Server
Project.
> >>See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> " from the digest: users-digest-unsubscribe@httpd.apache.org
> >>For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
> --
> ------------------------------------------------------------------------
--
> Gustavo Baratto - Programming and Technical Support
> GBaratto@SUPERB.NET * (604) 638-2525 ext. 408
>
> Technical support web-site: http://support.superb.net
> Superb Internet Corp. "Ahead of the Rest"
> ------------------------------------------------------------------------
-
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org