You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Scott Whitney <sc...@journyx.com> on 2010/07/01 19:39:19 UTC

[users@httpd] Name-based virtual hosting SSL (seems to work)

I've read this: 
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts 

and it seems to state that this: 

<VirtualHost *:443> 
AddHandler fastcgi-script .fcgi .fcg .fpl .py .pyc 
DocumentRoot /home/eggs/jt/pi/www/htdocs 
ServerName eggs.test.mycompany.com 
FastCgiExternalServer /home/eggs/jt/pi/pylib -host 127.0.0.1:5000 
SSLEngine on 
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP:+eNULL 
SSLCertificateFile /etc/httpd/ssl/host.cert 
SSLCertificateKeyFile /etc/httpd/ssl/host.key 
</VirtualHost> 

<VirtualHost *:443> 
AddHandler fastcgi-script .fcgi .fcg .fpl .py .pyc 
DocumentRoot /home/toast/jt/pi/www/htdocs 
ServerName toast.test.mycompany.com 
FastCgiExternalServer /home/toast/jt/pi/pylib -host 127.0.0.1:5000 
SSLEngine on 
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP:+eNULL 
SSLCertificateFile /etc/httpd/ssl/host.cert 
SSLCertificateKeyFile /etc/httpd/ssl/host.key 
</VirtualHost> 

However, it's working fine for me. When I go to eggs.test.mycommpany.com, I get the "eggs site", and when I go to toast, I get the "toast site." 

Am I missing something? I'm using the same certificate for all sites. The statement is very clear that this cannot and will not work, but it seems to be working for me. 

Can someone elucidate?

Re: [users@httpd] Name-based virtual hosting SSL (seems to work)

Posted by Eric Covener <co...@gmail.com>.

On Thu, Jul 1, 2010 at 3:51 PM, Eric Covener <co...@gmail.com> wrote:
>>
>> Am I missing something? I'm using the same certificate for all sites. The
>> statement is very clear that this cannot and will not work, but it seems to
>> be working for me.
>>
>> Can someone elucidate?
>
> The FAQ for that release should say that the vhost-scope SSL
> configuration of the first-listed NVH will be used, limiting the
> certificate that can be prevented to the default vhosts'.
>

should have added "in my opinion" here

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Name-based virtual hosting SSL (seems to work)

Posted by Scott Whitney <sc...@journyx.com>.

Thanks, Eric. 

I'm a little confused. I _think_ you're saying that the vhost-scope configuration _for the SSL Certificate stuff only_ will be served up to all, 
but the remaining directives (Directory, FastCGI stuff, etc) will be on a per NVH basis? At least those are the results that I'm seeing. 

Which, if I'm reading this correctly, should be a complete non-issue, assuming that all sites are using the same wildcard certificates, right? 




> 
> Am I missing something? I'm using the same certificate for all sites. The 
> statement is very clear that this cannot and will not work, but it seems to 
> be working for me. 
> 
> Can someone elucidate? 

The FAQ for that release should say that the vhost-scope SSL 
configuration of the first-listed NVH will be used, limiting the 
certificate that can be prevented to the default vhosts'. 

-- 
Eric Covener 
covener@gmail.com

Re: [users@httpd] Name-based virtual hosting SSL (seems to work)

Posted by Eric Covener <co...@gmail.com>.

>
> Am I missing something? I'm using the same certificate for all sites. The
> statement is very clear that this cannot and will not work, but it seems to
> be working for me.
>
> Can someone elucidate?

The FAQ for that release should say that the vhost-scope SSL
configuration of the first-listed NVH will be used, limiting the
certificate that can be prevented to the default vhosts'.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org