Posted to users@httpd.apache.org by James Smallacombe <up...@3.am> on 2010/02/12 17:54:34 UTC

[users@httpd] Silly SSL vhost problem

Hi:

I've been running various apache's for years, including with multiple SSL 
vhosts, etc.  I have three separate SSL vhosts on this particular 
Apache/2.2.11 installation, and for some reason, of the three SSL vhosts 
below, ssl2.our.domain works fine, www.customer.domain works fine, but 
ssl.our.domain doesn't.  It loads the certificate AND document root from 
ssl2.our.domain.  They are each on different IPs as well.

Here is the httpd-ssl.conf file of the box.  I must be doing something 
wrong, but I haven't figured out what yet, so any clues would be 
appreciated. IPs and host names changed for obvious reasons:

-----
# Accept connections on port 443 on every local address; the <VirtualHost>
# sections in this file then bind to individual IPs.
# NOTE(review): no SSLProtocol directive appears anywhere in this listing, so
# the enabled protocol versions are whatever this build defaults to - confirm
# that SSLv2 is disabled (e.g. with an explicit SSLProtocol line).
Listen *:443

# MIME types for downloadable CA certificates and certificate revocation lists.
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

# Run an external program at startup to obtain the passphrase for encrypted
# private keys.
# NOTE(review): that program (and anything it reads) is equivalent to the key
# passphrase; it should be owned by root and unreadable to other accounts.
SSLPassPhraseDialog exec:/path/to/ssl/passphrase/file
# Shared-memory TLS session cache of 512000 bytes; the timeout below is 300 seconds.
SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300

# Lock file mod_ssl uses to serialise access between httpd processes.
SSLMutex  "file:/var/run/ssl_mutex"

# TLS virtual host for ssl2.our.domain, bound to 10.1.1.1:443.
# NOTE(review): no NameVirtualHost directive appears in this listing, so the
# vhost is presumably selected by destination IP alone - any hostname whose DNS
# record points at 10.1.1.1 is served this certificate and DocumentRoot,
# whatever name the client asked for. Verify DNS for each name when a vhost
# appears to serve another vhost's content.
<VirtualHost 10.1.1.1:443>

DocumentRoot "/usr/local/www/apache22/data"
ServerName ssl2.our.domain:443
ServerAdmin webmaster@our.domain
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
# Suhosin function blacklist for PHP; the value was cut by the poster
# ("(truncated)"), so this line is incomplete as shown.
php_admin_value suhosin.executor.func.blacklist  (truncated)
SSLEngine on

# NOTE(review): this string removes only anonymous-DH and 56-bit export suites.
# The "+LOW", "+SSLv2" and "+EXP" terms do not disable anything; they move
# those weak suites to the end of the preference list, where a client can still
# negotiate them. Whether null-encryption (eNULL) suites are present depends on
# what ALL expands to in the linked OpenSSL - check the effective list with
# `openssl ciphers -v` on this string. Prefer a list restricted to strong
# suites plus an explicit SSLProtocol line.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/usr/local/etc/apache22/ssl/ssl2.our.domain.crt"

# NOTE(review): the private key file should be readable by root only.
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/ssl2.our.domain.key"

# Legacy workaround applied to every client whose User-Agent contains "MSIE":
# no keep-alive, HTTP/1.0 responses, and no wait for a TLS close_notify.
BrowserMatch ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0

# Per-request TLS log: time, client host, negotiated protocol and cipher,
# request line, bytes sent. Useful for spotting clients that still negotiate
# weak protocols or suites before tightening the configuration.
CustomLog "/var/log/httpd-ssl_request.log" \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

# TLS virtual host for ssl.our.domain, bound to 10.1.1.2:443 (the vhost the
# poster reports as not being served).
# NOTE(review): this vhost is presumably selected by destination IP; if
# ssl.our.domain resolves to a different address, the vhost bound to that
# address answers instead, with its own certificate and DocumentRoot.
<VirtualHost 10.1.1.2:443>
DocumentRoot /usr/local/apache/htdocs/subdir
ServerName ssl.our.domain:443
SSLEngine on
# NOTE(review): weak suites (LOW, SSLv2, export-grade) are only re-ordered to
# the end of the list by the "+" terms, not disabled; restrict to strong suites.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/etc/apache22/ssl/ssl.our.domain.crt"
# NOTE(review): the private key file should be readable by root only.
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/ssl.our.domain.key"
# NOTE(review): this writes to the same file, in the same format, as the
# 10.1.1.1 vhost, and the format has no vhost field - entries from the two
# sites cannot be told apart. Adding %v to the format (or using a separate
# file) would make a wrong-vhost response visible in the log.
# No ErrorLog is set in this section, so errors presumably go to the main
# server's error log - confirm.
CustomLog "/var/log/httpd-ssl_request.log" \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# TLS virtual host for the customer site www.customer.domain, bound to 10.1.1.3:443.
<VirtualHost 10.1.1.3:443>
SSLEngine on
# NOTE(review): weak suites (LOW, SSLv2, export-grade) are only re-ordered to
# the end of the list by the "+" terms, not disabled; restrict to strong suites.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ServerAdmin webmaster@customer.domain
# CGI programs for this site run as someuser:somegroup through suEXEC.
SuexecUserGroup someuser somegroup
DocumentRoot /home/servers/customer.domain/pages
ServerName www.customer.domain:443
# Log client IP addresses without doing reverse DNS lookups.
HostnameLookups Off
# NOTE(review): the access log lives under the customer's directory tree. Log
# files are opened by the parent httpd process; if this directory is writable
# by the site's own user, that user can replace the log with a link to another
# file - confirm the directory is writable by root only.
# "combined" is a log-format nickname presumably defined elsewhere in the
# server configuration.
CustomLog /home/servers/customer.domain/access_log combined
# Everything under /cgi-bin/ is treated as an executable CGI script.
ScriptAlias /cgi-bin/ "/home/servers/customer.domain/cgi-bin/"
SSLCertificateFile /usr/local/etc/apache22/ssl/www.customer.domain.crt
# NOTE(review): the private key file should be readable by root only.
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/www.customer.domain.key
</VirtualHost>


James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================



Re: [users@httpd] Silly SSL vhost problem

Posted by James Smallacombe <up...@3.am>.
Please disregard this...of all the things I didn't check...the DNS! Doh!

On Fri, 12 Feb 2010, James Smallacombe wrote:

>
> Hi:
>
> I've been running various apache's for years, including with multiple SSL 
> vhosts, etc.  I have three separate SSL vhosts on this particular 
> Apache/2.2.11 installation, and for some reason, of the three SSL vhosts 
> below, ssl2.our.domain works fine, www.customer.domain works fine, but 
> ssl.our.domain doesn't.  It loads the certificate AND document root from 
> ssl2.our.domain.  They are each on different IPs as well.
>
> Here is the httpd-ssl.conf file of the box.  I must be doing something wrong, 
> but I haven't figured out what yet, so any clues would be appreciated. IPs 
> and host names changed for obvious reasons:
>
> -----
> Listen *:443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
>
> SSLPassPhraseDialog exec:/path/to/ssl/passphrase/file
> SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
> SSLSessionCacheTimeout  300
>
> SSLMutex  "file:/var/run/ssl_mutex"
>
> <VirtualHost 10.1.1.1:443>
>
> DocumentRoot "/usr/local/www/apache22/data"
> ServerName ssl2.our.domain:443
> ServerAdmin webmaster@our.domain
> ErrorLog "/var/log/httpd-error.log"
> TransferLog "/var/log/httpd-access.log"
> php_admin_value suhosin.executor.func.blacklist  (truncated)
> SSLEngine on
>
> SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile "/usr/local/etc/apache22/ssl/ssl2.our.domain.crt"
>
> SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/ssl2.our.domain.key"
>
> BrowserMatch ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
> CustomLog "/var/log/httpd-ssl_request.log" \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
>
> <VirtualHost 10.1.1.2:443>
> DocumentRoot /usr/local/apache/htdocs/subdir
> ServerName ssl.our.domain:443
> SSLEngine on
> SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile "/usr/local/etc/apache22/ssl/ssl.our.domain.crt"
> SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/ssl.our.domain.key"
> CustomLog "/var/log/httpd-ssl_request.log" \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
> <VirtualHost 10.1.1.3:443>
> SSLEngine on
> SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> ServerAdmin webmaster@customer.domain
> SuexecUserGroup someuser somegroup
> DocumentRoot /home/servers/customer.domain/pages
> ServerName www.customer.domain:443
> HostnameLookups Off
> CustomLog /home/servers/customer.domain/access_log combined
> ScriptAlias /cgi-bin/ "/home/servers/customer.domain/cgi-bin/"
> SSLCertificateFile /usr/local/etc/apache22/ssl/www.customer.domain.crt
> SSLCertificateKeyFile /usr/local/etc/apache22/ssl/www.customer.domain.key
> </VirtualHost>
>
>
> James Smallacombe		      PlantageNet, Inc. CEO and Janitor
> up@3.am							    http://3.am
> =========================================================================
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================
