You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ed...@ita.org.mo on 2007/09/21 17:29:17 UTC
[users@httpd] http and https
Dear All,
For virtual host config,
Is there a sample for convert http to https ?
Thanks !
Edward.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] http and https
Posted by ed...@ita.org.mo.
Dear All,
I just modify the config again, but it still problem ( can't open the
web page ) :
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot "/home/itawm/html"
ServerName webmail.ita.org.mo:443
ErrorLog /var/log/httpd/itawm-ssl-error.log
TransferLog /var/log/httpd/itawm-ssl-access.log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/ssl/ita.server.crt
SSLCertificateKeyFile /etc/httpd/ssl/ita.server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/itawm-ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
warning message :
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Sun Sep 23 17:09:20 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Any more help ?
Thanks !
Edward.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] http and https
Posted by Sander Temme <sc...@apache.org>.
On Sep 22, 2007, at 5:11 PM, edwardspl@ita.org.mo wrote:
> If so, would you mind to post your config as an sample here for
> reference ?
You assume that I have a config to post. This is not the case.
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: [users@httpd] http and https
Posted by ed...@ita.org.mo.
Sander Temme wrote:
>
> On Sep 21, 2007, at 9:13 AM, edwardspl@ita.org.mo wrote:
>
>> Sorry, I don't quit understand what your means...
>
>
> I'm sorry to hear that.
>
>> For the Web Server setting ( http + https ) :
>>
>> Listen 80
>>
>> NameVirtualHost ip_address
>
>
> NameVirtualHost ip_address:80
>
> Because you're not running name-based virtual hosts on 443.
>
>
>> <VirtualHost webmail.ita.org.mo>
>
>
> <VirtualHost ip_address:80>
>
> ServerName webmail.ita.org.mo:80
>
>> Redirect / https://webmail.ita.org.mo:443
>> </VirtualHost>
>>
>
> I see nothing wrong with the configuration of your SSL vhost.
>
>> etc/rc.d/init.d/httpd restart :
>>
>> Stopping httpd: [ OK ]
>> Starting httpd: [Fri Sep 21 23:57:12 2007] [warn] _default_ VirtualHost
>> overlap on port 443, the first has precedence
>> [ OK ]
>
>
> That suggests there is another virtual host that matches port 443, and
> I hope that the changes above will make that problem go away by
> limiting the redirecting vhost to port 80.
>
> Another possibility: could it be that you have another virtual host on
> port 443 somewhere in your configuration? Some of those Apaches that
> come installed on Linux have an orgy of different configuration files
> that get included here and there, and it's easy to lose track.
>
>> Would you mind to help ( assist ) to update the config ?
>
>
> See above. You can get an overview of the virtual hosts you have
> configured by calling httpd -S. See httpd -h for a list of command-
> line options.
>
> S.
>
Hello Sander,
Are you using single IP + http + https + VH ( Virtual Host ) ?
If so, would you mind to post your config as an sample here for reference ?
I may need an sample for the test...
Thank for your help !
Edward.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] http and https
Posted by Sander Temme <sc...@apache.org>.
On Sep 21, 2007, at 9:13 AM, edwardspl@ita.org.mo wrote:
> Sorry, I don't quit understand what your means...
I'm sorry to hear that.
> For the Web Server setting ( http + https ) :
>
> Listen 80
>
> NameVirtualHost ip_address
NameVirtualHost ip_address:80
Because you're not running name-based virtual hosts on 443.
> <VirtualHost webmail.ita.org.mo>
<VirtualHost ip_address:80>
ServerName webmail.ita.org.mo:80
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
>
I see nothing wrong with the configuration of your SSL vhost.
> etc/rc.d/init.d/httpd restart :
>
> Stopping httpd: [ OK ]
> Starting httpd: [Fri Sep 21 23:57:12 2007] [warn] _default_
> VirtualHost
> overlap on port 443, the first has precedence
> [ OK ]
That suggests there is another virtual host that matches port 443,
and I hope that the changes above will make that problem go away by
limiting the redirecting vhost to port 80.
Another possibility: could it be that you have another virtual host
on port 443 somewhere in your configuration? Some of those Apaches
that come installed on Linux have an orgy of different configuration
files that get included here and there, and it's easy to lose track.
> Would you mind to help ( assist ) to update the config ?
See above. You can get an overview of the virtual hosts you have
configured by calling httpd -S. See httpd -h for a list of command-
line options.
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: [users@httpd] http and https
Posted by ed...@ita.org.mo.
Hello Sander,
Sorry, I don't quit understand what your means...
For the Web Server setting ( http + https ) :
Listen 80
NameVirtualHost ip_address
<VirtualHost webmail.ita.org.mo>
Redirect / https://webmail.ita.org.mo:443
</VirtualHost>
Listen 443
<VirtualHost _default_:443>
DocumentRoot ...
ServerName webmail.ita.org.mo:443
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
etc/rc.d/init.d/httpd restart :
Stopping httpd: [ OK ]
Starting httpd: [Fri Sep 21 23:57:12 2007] [warn] _default_ VirtualHost
overlap on port 443, the first has precedence
[ OK ]
Would you mind to help ( assist ) to update the config ?
Thanks !
Edward.
Sander Temme wrote:
>
> On Sep 21, 2007, at 8:49 AM, edwardspl@ita.org.mo wrote:
>
>> So, is there a solution about this problem ?
>
>
> Yes, you get a distinct IP address for every SSL-based virtual host
> you want to set up. Then you set up your DNS to resolve the right
> hostnames to those respective IP addresses, and install certificates
> that have the right hostname as CN field on the right virtual hosts.
>
> That completes the circle.
>
> S.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] http and https
Posted by Sander Temme <sc...@apache.org>.
On Sep 21, 2007, at 8:49 AM, edwardspl@ita.org.mo wrote:
> So, is there a solution about this problem ?
Yes, you get a distinct IP address for every SSL-based virtual host
you want to set up. Then you set up your DNS to resolve the right
hostnames to those respective IP addresses, and install certificates
that have the right hostname as CN field on the right virtual hosts.
That completes the circle.
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: [users@httpd] http and https
Posted by ed...@ita.org.mo.
Hello to you,
So, is there a solution about this problem ?
Thanks !
Edward.
Serge Dubrouski wrote:
>Be careful. NameVirtualHosts can't be converted to HTTPs. You can't
>have more than one HTTPS server on the same IP:port.
>
>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
>>Dear All,
>>
>>For virtual host config,
>>Is there a sample for convert http to https ?
>>
>>Thanks !
>>
>>Edward.
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>
>
>
>
Re: [users@httpd] http and https
Posted by Evan Platt <ev...@espphotography.com>.
At 08:47 AM 9/21/2007, Joshua Slive wrote:
>You unsubscribe to this list using the same tools that you used to
>subscribe to the list, as is written at the bottom of each message:
>and an email to users-unsubscribe@httpd.apache.org.
Actually, it's time for a moderator to ban this loon. He's asked 3
times, and been told 3 times how to unsubscribe.
There needs to be a "universal unsubscribe" that moderators have access to.
People like that get added to it.
Then when he tries to join any other list, he's denied.
Passing a IQ test is a requirement to get removed from the unsubscribe list.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] http and https
Posted by Joshua Slive <jo...@slive.ca>.
On 9/21/07, jake borg <ja...@hotmail.com> wrote:
>
> how d fuck do i stop this fucking spam coming in my email ???
You unsubscribe to this list using the same tools that you used to
subscribe to the list, as is written at the bottom of each message:
and an email to users-unsubscribe@httpd.apache.org.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] http and https
Posted by Evan Platt <ev...@espphotography.com>.
You signed up for this list.
Are you 12 or something?
Obviously you aren't good at reading - every message that has come in
has the following:
list-unsubscribe: <ma...@httpd.apache.org>
Click the link.
At 08:41 AM 9/21/2007, jake borg wrote:
>how d $#$$ do i stop this $$#$#%# spam coming in my email ???
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] http and https
Posted by Phillip Hamilton <ph...@myarchive.biz>.
Hit alt+f4 approx 8 times.
Seriously though, you subscribed to the service. Don't complain.
To cancel, just go to apache.org, click on mailing lists, and follow the
instructions.
From: jake borg [mailto:jakeborg@hotmail.com]
Sent: Friday, September 21, 2007 10:41 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] http and https
how d fuck do i stop this fucking spam coming in my email ???
_____
> Date: Fri, 21 Sep 2007 09:39:39 -0600
> From: sergeyfd@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] http and https
>
> Be careful. NameVirtualHosts can't be converted to HTTPs. You can't
> have more than one HTTPS server on the same IP:port.
>
> On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
> > Dear All,
> >
> > For virtual host config,
> > Is there a sample for convert http to https ?
> >
> > Thanks !
> >
> > Edward.
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> --
> Serge Dubrouski.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
_____
Explore the seven wonders of the world Learn more!
<http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE>
RE: [users@httpd] http and https
Posted by jake borg <ja...@hotmail.com>.
how d fuck do i stop this fucking spam coming in my email ???
> Date: Fri, 21 Sep 2007 09:39:39 -0600> From: sergeyfd@gmail.com> To: users@httpd.apache.org> Subject: Re: [users@httpd] http and https> > Be careful. NameVirtualHosts can't be converted to HTTPs. You can't> have more than one HTTPS server on the same IP:port.> > On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:> > Dear All,> >> > For virtual host config,> > Is there a sample for convert http to https ?> >> > Thanks !> >> > Edward.> >> > ---------------------------------------------------------------------> > The official User-To-User support forum of the Apache HTTP Server Project.> > See <URL:http://httpd.apache.org/userslist.html> for more info.> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org> > " from the digest: users-digest-unsubscribe@httpd.apache.org> > For additional commands, e-mail: users-help@httpd.apache.org> >> >> > > -- > Serge Dubrouski.> > ---------------------------------------------------------------------> The official User-To-User support forum of the Apache HTTP Server Project.> See <URL:http://httpd.apache.org/userslist.html> for more info.> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org> " from the digest: users-digest-unsubscribe@httpd.apache.org> For additional commands, e-mail: users-help@httpd.apache.org>
_________________________________________________________________
Explore the seven wonders of the world
http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE
Re: [users@httpd] http and https
Posted by Serge Dubrouski <se...@gmail.com>.
Be careful. NameVirtualHosts can't be converted to HTTPs. You can't
have more than one HTTPS server on the same IP:port.
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
> Dear All,
>
> For virtual host config,
> Is there a sample for convert http to https ?
>
> Thanks !
>
> Edward.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] http and https
Posted by Joshua Slive <jo...@slive.ca>.
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
> Dear All,
>
> For virtual host config,
> Is there a sample for convert http to https ?
Yes, in recent versions it is installed in conf/extra/httpd-ssl.conf
and in earlier versions conf/ssl.conf (if I remember correctly).
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org