Posted to users@httpd.apache.org by "David P. Donahue" <dd...@ccs.neu.edu> on 2006/03/13 15:34:13 UTC

[users@httpd] SSL And Virtual Hosts

I've been using Apache 1.3 for a while now with several name-based 
virtual hosts (my server has only one IP).  Recently, I have begun 
testing the use of SSL, which is entirely new territory for me.  But I 
seem to be running into a couple problems.

First thing I notice is that my ssl_engine log yells at me and says I 
should not use name-based virtual hosts with SSL.  If this is the case, 
what would one recommend?  What is the "right way" to do it?

During testing of my name-based virtual hosts with SSL, I am using two 
of my hosted domains.  One of them, the main default domain for my site, 
seems to work, except that in my browser (Firefox) the lock icon is 
broken, so it seems to not be working from the client side.  But no more 
info is given as to why that is the case.

The second domain I'm testing seems to be encrypting fine between the 
client and server, but when it issues the self-signed cert it sends the 
wrong one (the one for the default domain).

Can anyone explain to me what is probably wrong and what the right way 
to do things would be?


For reference, here is the VirtualHosts section of my mod_ssl.conf file:

NameVirtualHost *:443

<VirtualHost *:443>
   DocumentRoot "/home/www/.www"
   ServerName www.cyber0ne.com
   ServerAlias cyber0ne.com
   DirectoryIndex index.aspx index.asp index.html index.htm index.php
   HostnameLookups On
   ServerAdmin ddonahue@ccs.neu.edu
   ErrorLog /var/log/apache/ssl_error_log
   LogLevel warn
   TransferLog /var/log/apache/ssl_access_log
   SSLEngine on
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile /etc/apache/ssl.crt/cyber0ne.cert
   SSLCertificateKeyFile /etc/apache/ssl.key/cyber0ne.key
   <Files ~ "\.(cgi|shtml|phtml|php3?)$">
       SSLOptions +StdEnvVars
   </Files>
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
   LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
   CustomLog /var/log/apache/ssl_access_log combined
</VirtualHost>

<VirtualHost *:443>
   DocumentRoot "/home/www/.www/webusers/newharvest"
   ServerName www.newharvestchristians.org
   ServerAlias newharvestchristians.org
   DirectoryIndex index.aspx index.asp index.html index.htm index.php
   HostnameLookups On
   ServerAdmin ddonahue@ccs.neu.edu
   ErrorLog /var/log/apache/www.newharvestchristians.org-ssl_error_log
   LogLevel warn
   TransferLog /var/log/apache/www.newharvestchristians.org-ssl_access_log
   SSLEngine on
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile /etc/apache/ssl.crt/newharvestchristians.cert
   SSLCertificateKeyFile /etc/apache/ssl.key/newharvestchristians.key
   <Files ~ "\.(cgi|shtml|phtml|php3?)$">
       SSLOptions +StdEnvVars
   </Files>
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
   LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
   CustomLog /var/log/apache/www.newharvestchristians.org-ssl_access_log combined
</VirtualHost>

<VirtualHost *:443>
   DocumentRoot "/home/www/.www/webusers/newharvest/ftp"
   ServerName ftp.newharvestchristians.org
   DirectoryIndex index.aspx index.asp index.html index.htm index.php
   HostnameLookups On
   ServerAdmin ddonahue@ccs.neu.edu
   ErrorLog /var/log/apache/www.newharvestchristians.org-ssl_error_log
   LogLevel warn
   TransferLog /var/log/apache/www.newharvestchristians.org-ssl_access_log
   SSLEngine on
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile /etc/apache/ssl.crt/newharvestchristians.cert
   SSLCertificateKeyFile /etc/apache/ssl.key/newharvestchristians.key
   <Files ~ "\.(cgi|shtml|phtml|php3?)$">
       SSLOptions +StdEnvVars
   </Files>
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
   LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
   CustomLog /var/log/apache/www.newharvestchristians.org-ssl_access_log combined
</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.