You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Ji...@trendmicro.com.cn on 2003/07/29 09:48:53 UTC

[users@httpd] 答复: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?

Mixed port-based /named-based or IP-based  virtual host is not supported by ssl.
You must comments other type virual host in httpd.conf
#NameVirtualHost .....

-----原始邮件-----
发件人: Arthur Chan [mailto:achana@saysit.com.hk]
发送时间: 2003年7月29日 11:53
收件人: users@httpd.apache.org
主题: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?


Hi.
I compiled mod_ssl into Apache2 and got openssl to create server.key into
.../conf/server.key and server.crt into .../conf/server.crt
Then I modified httpd.conf like this :
<IfModule mod_ssl.c>
   Include /path/to/html
</IfModule>
Also, I commented out the explicitly defined virtual hosts inside
<VirtualHost v.hostname.com>
</VirtualHost>
because I expect troubles there.

In ssl.conf, I modified the following lines so that they have the samew
parameter values as in httpd.conf
<VirtualHost _default_:443>
  DocumentRoot "/path/to/html"
  ServerName www.my.domain.com:80  # in httpd.conf, I used the BIOS name
e.g. ServerName BIOSNAME:80
  ...
  SSLEngine on
  ...
  SSLCertificate /path/to/conf/ssl.crt/server.crt
  SSLCertificate /path/tp/conf/ssl.key/server.key
  ...
When I start apache again with
# apachectl startssl
I got the following messages
[error] VirtualHost -default_:443 -- mixing * port and non-* ports with a
NameVirtualHost address is not supported: proceeding with unidentified
results.
Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
...
Can someone please point out where I might have gone wrong ?
I didn't use RedHat's default directories in /etc/httpd.conf .




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] 答复: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?

Posted by Arthur Chan <ac...@saysit.com.hk>.

The only virtual host directive is inside the Include file "ssl.conf"
<VirtualHost _default_:443>
DocumentRoot "/path/to/html"
ServerName my.dom.com.hk:443
etc

Do you mean I have to comment that out as well :
# <VirtualHost _default_:443>
and replace that with
<VirtualHost  xxx.yyy.zzz.nnn:443> ???

TIA

----- Original Message -----
From: <Ji...@trendmicro.com.cn>
To: <us...@httpd.apache.org>
Sent: Tuesday, July 29, 2003 03:48 AM
Subject: [users@httpd] 答复: [users@httpd] HOWTO : configuring httpd.conf for
OpenSSL ?


> Mixed port-based /named-based or IP-based  virtual host is not supported
by ssl.
> You must comments other type virual host in httpd.conf
> #NameVirtualHost .....
>
> -----原始邮件-----
> 发件人: Arthur Chan [mailto:achana@saysit.com.hk]
> 发送时间: 2003年7月29日 11:53
> 收件人: users@httpd.apache.org
> 主题: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?
>
>
> Hi.
> I compiled mod_ssl into Apache2 and got openssl to create server.key into
> .../conf/server.key and server.crt into .../conf/server.crt
> Then I modified httpd.conf like this :
> <IfModule mod_ssl.c>
>    Include /path/to/html
> </IfModule>
> Also, I commented out the explicitly defined virtual hosts inside
> <VirtualHost v.hostname.com>
> </VirtualHost>
> because I expect troubles there.
>
> In ssl.conf, I modified the following lines so that they have the samew
> parameter values as in httpd.conf
> <VirtualHost _default_:443>
>   DocumentRoot "/path/to/html"
>   ServerName www.my.domain.com:80  # in httpd.conf, I used the BIOS name
> e.g. ServerName BIOSNAME:80
>   ...
>   SSLEngine on
>   ...
>   SSLCertificate /path/to/conf/ssl.crt/server.crt
>   SSLCertificate /path/tp/conf/ssl.key/server.key
>   ...
> When I start apache again with
> # apachectl startssl
> I got the following messages
> [error] VirtualHost -default_:443 -- mixing * port and non-* ports with a
> NameVirtualHost address is not supported: proceeding with unidentified
> results.
> Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
> ...
> Can someone please point out where I might have gone wrong ?
> I didn't use RedHat's default directories in /etc/httpd.conf .
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] 答复: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?

Posted by Arthur Chan <ac...@saysit.com.hk>.

Hi.
All <VirtualHost...> directives have been commented out, I checked the
Include files, they have to <VirtualHost> directives.
Yet, when I do a "apachectl startssl" , I still get this mixed port error
messages.
Where have I gone wrong now ?
Very irritating  :-(
TIA

----- Original Message -----
From: <Ji...@trendmicro.com.cn>
To: <us...@httpd.apache.org>
Sent: Tuesday, July 29, 2003 03:48 AM
Subject: [users@httpd] 答复: [users@httpd] HOWTO : configuring httpd.conf for
OpenSSL ?


> Mixed port-based /named-based or IP-based  virtual host is not supported
by ssl.
> You must comments other type virual host in httpd.conf
> #NameVirtualHost .....
>
> -----原始邮件-----
> 发件人: Arthur Chan [mailto:achana@saysit.com.hk]
> 发送时间: 2003年7月29日 11:53
> 收件人: users@httpd.apache.org
> 主题: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?
>
>
> Hi.
> I compiled mod_ssl into Apache2 and got openssl to create server.key into
> .../conf/server.key and server.crt into .../conf/server.crt
> Then I modified httpd.conf like this :
> <IfModule mod_ssl.c>
>    Include /path/to/html
> </IfModule>
> Also, I commented out the explicitly defined virtual hosts inside
> <VirtualHost v.hostname.com>
> </VirtualHost>
> because I expect troubles there.
>
> In ssl.conf, I modified the following lines so that they have the samew
> parameter values as in httpd.conf
> <VirtualHost _default_:443>
>   DocumentRoot "/path/to/html"
>   ServerName www.my.domain.com:80  # in httpd.conf, I used the BIOS name
> e.g. ServerName BIOSNAME:80
>   ...
>   SSLEngine on
>   ...
>   SSLCertificate /path/to/conf/ssl.crt/server.crt
>   SSLCertificate /path/tp/conf/ssl.key/server.key
>   ...
> When I start apache again with
> # apachectl startssl
> I got the following messages
> [error] VirtualHost -default_:443 -- mixing * port and non-* ports with a
> NameVirtualHost address is not supported: proceeding with unidentified
> results.
> Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
> ...
> Can someone please point out where I might have gone wrong ?
> I didn't use RedHat's default directories in /etc/httpd.conf .
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] 答复: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?

Posted by Arthur Chan <ac...@saysit.com.hk>.

Commenting out the whole <VirtualHost _default_:443> block has the benedit
that when I do a "startssl" , there are no error messages. Yet all the
requisite directives such as
SSLEngine on
SSLCipherSuite ALL: blabla
SSLCertificateFile /path/to/certificate
SSLCertificateKeyFile /path/to/key
etc...
are inside this <VirtualHost _default_:443> block.
Can this be right ???
Also, I cannot test with
# telnet localhost 80
it now gives me this message
Trying 127.0.0.1
Connected to localhost.localdomain
ATTEMPT LOGGED from unknown@1287.0.0.1
Connection refused by foreign host.
#

What's happening here now ???
TIA

----- Original Message -----
From: <Ji...@trendmicro.com.cn>
To: <us...@httpd.apache.org>
Sent: Tuesday, July 29, 2003 03:48 AM
Subject: [users@httpd] 答复: [users@httpd] HOWTO : configuring httpd.conf for
OpenSSL ?


> Mixed port-based /named-based or IP-based  virtual host is not supported
by ssl.
> You must comments other type virual host in httpd.conf
> #NameVirtualHost .....
>
> -----原始邮件-----
> 发件人: Arthur Chan [mailto:achana@saysit.com.hk]
> 发送时间: 2003年7月29日 11:53
> 收件人: users@httpd.apache.org
> 主题: [users@httpd] HOWTO : configuring httpd.conf for OpenSSL ?
>
>
> Hi.
> I compiled mod_ssl into Apache2 and got openssl to create server.key into
> .../conf/server.key and server.crt into .../conf/server.crt
> Then I modified httpd.conf like this :
> <IfModule mod_ssl.c>
>    Include /path/to/html
> </IfModule>
> Also, I commented out the explicitly defined virtual hosts inside
> <VirtualHost v.hostname.com>
> </VirtualHost>
> because I expect troubles there.
>
> In ssl.conf, I modified the following lines so that they have the samew
> parameter values as in httpd.conf
> <VirtualHost _default_:443>
>   DocumentRoot "/path/to/html"
>   ServerName www.my.domain.com:80  # in httpd.conf, I used the BIOS name
> e.g. ServerName BIOSNAME:80
>   ...
>   SSLEngine on
>   ...
>   SSLCertificate /path/to/conf/ssl.crt/server.crt
>   SSLCertificate /path/tp/conf/ssl.key/server.key
>   ...
> When I start apache again with
> # apachectl startssl
> I got the following messages
> [error] VirtualHost -default_:443 -- mixing * port and non-* ports with a
> NameVirtualHost address is not supported: proceeding with unidentified
> results.
> Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
> ...
> Can someone please point out where I might have gone wrong ?
> I didn't use RedHat's default directories in /etc/httpd.conf .
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org