You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Scott Whitney <sc...@journyx.com> on 2010/07/01 19:39:19 UTC
[users@httpd] Name-based virtual hosting SSL (seems to work)
I've read this:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
and it seems to state that this:
<VirtualHost *:443>
AddHandler fastcgi-script .fcgi .fcg .fpl .py .pyc
DocumentRoot /home/eggs/jt/pi/www/htdocs
ServerName eggs.test.mycompany.com
FastCgiExternalServer /home/eggs/jt/pi/pylib -host 127.0.0.1:5000
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl/host.cert
SSLCertificateKeyFile /etc/httpd/ssl/host.key
</VirtualHost>
<VirtualHost *:443>
AddHandler fastcgi-script .fcgi .fcg .fpl .py .pyc
DocumentRoot /home/toast/jt/pi/www/htdocs
ServerName toast.test.mycompany.com
FastCgiExternalServer /home/toast/jt/pi/pylib -host 127.0.0.1:5000
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl/host.cert
SSLCertificateKeyFile /etc/httpd/ssl/host.key
</VirtualHost>
However, it's working fine for me. When I go to eggs.test.mycommpany.com, I get the "eggs site", and when I go to toast, I get the "toast site."
Am I missing something? I'm using the same certificate for all sites. The statement is very clear that this cannot and will not work, but it seems to be working for me.
Can someone elucidate?
Re: [users@httpd] Name-based virtual hosting SSL (seems to work)
Posted by Eric Covener <co...@gmail.com>.
On Thu, Jul 1, 2010 at 3:51 PM, Eric Covener <co...@gmail.com> wrote:
>>
>> Am I missing something? I'm using the same certificate for all sites. The
>> statement is very clear that this cannot and will not work, but it seems to
>> be working for me.
>>
>> Can someone elucidate?
>
> The FAQ for that release should say that the vhost-scope SSL
> configuration of the first-listed NVH will be used, limiting the
> certificate that can be prevented to the default vhosts'.
>
should have added "in my opinion" here
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Name-based virtual hosting SSL (seems to work)
Posted by Scott Whitney <sc...@journyx.com>.
Thanks, Eric.
I'm a little confused. I _think_ you're saying that the vhost-scope configuration _for the SSL Certificate stuff only_ will be served up to all,
but the remaining directives (Directory, FastCGI stuff, etc) will be on a per NVH basis? At least those are the results that I'm seeing.
Which, if I'm reading this correctly, should be a complete non-issue, assuming that all sites are using the same wildcard certificates, right?
>
> Am I missing something? I'm using the same certificate for all sites. The
> statement is very clear that this cannot and will not work, but it seems to
> be working for me.
>
> Can someone elucidate?
The FAQ for that release should say that the vhost-scope SSL
configuration of the first-listed NVH will be used, limiting the
certificate that can be prevented to the default vhosts'.
--
Eric Covener
covener@gmail.com
Re: [users@httpd] Name-based virtual hosting SSL (seems to work)
Posted by Eric Covener <co...@gmail.com>.
>
> Am I missing something? I'm using the same certificate for all sites. The
> statement is very clear that this cannot and will not work, but it seems to
> be working for me.
>
> Can someone elucidate?
The FAQ for that release should say that the vhost-scope SSL
configuration of the first-listed NVH will be used, limiting the
certificate that can be prevented to the default vhosts'.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org