Posted to users@httpd.apache.org by Peter Fleck <fl...@umn.edu> on 2003/10/08 23:01:45 UTC
[users@httpd] Apache 2 VirtualHost and SSL
Greetings,

I'm using name-based virtual hosting. I want to have three sites, one
using SSL.

Running Apache 2 on Red Hat Linux 9.

SSL is running, at least that's what cURL and the OpenSSL test say.
And I get an error whenever I try to go to the SSL page. The error in
the ssl_error log is:

[warn] RSA server certificate is a CA certificate (BasicConstraints:
CA == TRUE !?)

So maybe that's the problem? I generated my own certificate and key
for testing purposes.

Some highlights from my .conf files:

Listen 80
Listen 443

Include conf.d/ssl.conf

ServerName www.cancer.umn.edu:80
DocumentRoot "/var/www/html"

NameVirtualHost 160.94.109.179:80

<VirtualHost 160.94.109.179:80>
ServerName www.cancer.umn.edu
DocumentRoot /var/www/html/cc
...
</VirtualHost>

<VirtualHost 160.94.109.179:80>
ServerName www.tturc.umn.edu
DocumentRoot /var/www/html/tturc
...
</VirtualHost>

# THE ssl.conf file (Include above) is pretty much default except
# I commented out the 'Listen 443' since I added that above
# VirtualHost directive is:

<VirtualHost 160.94.109.179:443>
DocumentRoot "/var/www/html/cc-secure"
ServerName www.cancer.umn.edu
...
</VirtualHost>

### END

When I try to connect, the browser gives "Connection refused..." and
the error I listed above appears in the ssl_error log. But when I use
curl (curl https://www.cancer.umn.edu), I get the page in the ssl
directory returned to the terminal window.

I'm hoping I'm missing something obvious to the experienced Apache
users here. I've scoured the docs with no luck.

Thanks.
--
Peter Fleck
Webmaster | University of Minnesota Cancer Center
Dinnaken Office Bldg.
925 Delaware St. SE
Minneapolis, MN 55414
612-625-8668 | fleck004@umn.edu | www.cancer.umn.edu
Campus Mail: MMC 806
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2 VirtualHost and SSL
Posted by Joe Apache <ap...@productivitymedia.com>.
If you're using the basic SSL setup and you're getting a certificate problem,
then the certificate is your problem. Build another certificate and
see what happens... I'm assuming that you built your cert with -x509?
J
Re: [users@httpd] Apache 2 VirtualHost and SSL
Posted by Peter Fleck <fl...@umn.edu>.
That's the setup for the default ssl.conf file and that's what I
have. I just abbreviated the VirtualHost directive in my email.
>I think that the SSL enabled VirtualHost section needs those basic things
>included from ssl.conf. The ssl.conf is setting things in a different
>context than the specific VirtualHost context. I've had success by just
>copying all the basic uncommented things from ssl.conf into each of my SSL
>enabled VirtualHost sections. Note that you can only have one SSL enabled
>VirtualHost per IP:port pair.
>
>Leif
>
>DocumentRoot "/usr/local/apache2/htdocs"
>ServerName www.xxx.com:443
>ServerAdmin you@your.address
>ErrorLog /path/to/logs/error_log
>TransferLog /path/to/logs/access_log
>SSLEngine on
>SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>SSLCertificateFile /path/to/ssl/www.xxx.com.crt
>SSLCertificateKeyFile /path/to/ssl/www.xxx.com.key
><Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
></Files>
><Directory "/usr/local/apache2/cgi-bin">
> SSLOptions +StdEnvVars
></Directory>
>SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
>----- Original Message -----
>From: "Peter Fleck" <fl...@umn.edu>
>To: <us...@httpd.apache.org>
>Sent: Wednesday, October 08, 2003 5:01 PM
>Subject: [users@httpd] Apache 2 VirtualHost and SSL
>
>
>> Greetings,
>>
>> I'm using name-based virtual hosting. I want to have three sites, one
>> using SSL.
>>
>> Running Apache 2 on Redhat Linux 9.
>>
>> SSL is running at least that's what cURL and the openSSL test say.
>> And I get an error whenever I try to go to the SSL page. The error in
>> the ssl_error log is:
>>
>> [warn] RSA server certificate is a CA certificate (BasicConstraints:
>> CA == TRUE !?)
>>
>> So maybe that's the problem? I generated my own certificate and key
>> for testing purposes.
>>
>> Some highlights from my .conf files:
>>
>> Listen 80
>> Listen 443
>>
>> Include conf.d/ssl.conf
>>
>> ServerName www.cancer.umn.edu:80
>> DocumentRoot "/var/www/html"
>>
>> NameVirtualHost 160.94.109.179:80
>>
>> <VirtualHost 160.94.109.179:80>
>> ServerName www.cancer.umn.edu
>> DocumentRoot /var/www/html/cc
>> ...
>> </VirtualHost>
>>
>> <VirtualHost 160.94.109.179:80>
>> ServerName www.tturc.umn.edu
>> DocumentRoot /var/www/html/tturc
>> ...
>> </VirtualHost>
>>
>> # THE ssl.conf file (Include above) is pretty much default except
>> # I commented out the 'Listen 443' since I added that above
>> # VirtualHost directive is:
>>
>> <VirtualHost 160.94.109.179:443>
>> DocumentRoot "/var/www/html/cc-secure"
>> ServerName www.cancer.umn.edu
>> ...
>> </VirtualHost>
>>
>>
>> ### END
>>
>> When I try to connect, the browser gives "Connection refused..." and
>> the error I listed above appears in the ssl_error log. But when I use
>> curl (curl https://www.cancer.umn.edu), I get the page in the ssl
>> directory returned to the terminal window.
--
Peter Fleck
Webmaster | University of Minnesota Cancer Center
Dinnaken Office Bldg.
925 Delaware St. SE
Minneapolis, MN 55414
612-625-8668 | fleck004@umn.edu | www.cancer.umn.edu
Campus Mail: MMC 806
Re: [users@httpd] Apache 2 VirtualHost and SSL
Posted by Leif W <wa...@usa.net>.
I think that the SSL enabled VirtualHost section needs those basic things
included from ssl.conf. The ssl.conf is setting things in a different
context than the specific VirtualHost context. I've had success by just
copying all the basic uncommented things from ssl.conf into each of my SSL
enabled VirtualHost sections. Note that you can only have one SSL enabled
VirtualHost per IP:port pair.

Leif

DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.xxx.com:443
ServerAdmin you@your.address
ErrorLog /path/to/logs/error_log
TransferLog /path/to/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /path/to/ssl/www.xxx.com.crt
SSLCertificateKeyFile /path/to/ssl/www.xxx.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

----- Original Message -----
From: "Peter Fleck" <fl...@umn.edu>
To: <us...@httpd.apache.org>
Sent: Wednesday, October 08, 2003 5:01 PM
Subject: [users@httpd] Apache 2 VirtualHost and SSL
> Greetings,
>
> I'm using name-based virtual hosting. I want to have three sites, one
> using SSL.
>
> Running Apache 2 on Redhat Linux 9.
>
> SSL is running at least that's what cURL and the openSSL test say.
> And I get an error whenever I try to go to the SSL page. The error in
> the ssl_error log is:
>
> [warn] RSA server certificate is a CA certificate (BasicConstraints:
> CA == TRUE !?)
>
> So maybe that's the problem? I generated my own certificate and key
> for testing purposes.
>
> Some highlights from my .conf files:
>
> Listen 80
> Listen 443
>
> Include conf.d/ssl.conf
>
> ServerName www.cancer.umn.edu:80
> DocumentRoot "/var/www/html"
>
> NameVirtualHost 160.94.109.179:80
>
> <VirtualHost 160.94.109.179:80>
> ServerName www.cancer.umn.edu
> DocumentRoot /var/www/html/cc
> ...
> </VirtualHost>
>
> <VirtualHost 160.94.109.179:80>
> ServerName www.tturc.umn.edu
> DocumentRoot /var/www/html/tturc
> ...
> </VirtualHost>
>
> # THE ssl.conf file (Include above) is pretty much default except
> # I commented out the 'Listen 443' since I added that above
> # VirtualHost directive is:
>
> <VirtualHost 160.94.109.179:443>
> DocumentRoot "/var/www/html/cc-secure"
> ServerName www.cancer.umn.edu
> ...
> </VirtualHost>
>
>
> ### END
>
> When I try to connect, the browser gives "Connection refused..." and
> the error I listed above appears in the ssl_error log. But when I use
> curl (curl https://www.cancer.umn.edu), I get the page in the ssl
> directory returned to the terminal window.
>
> I'm hoping I'm missing something obvious to the experienced apache
> users here. I've scoured the docs with no luck.
>
> Thanks.
> --
> Peter Fleck
> Webmaster | University of Minnesota Cancer Center
> Dinnaken Office Bldg.
> 925 Delaware St. SE
> Minneapolis, MN 55414
> 612-625-8668 | fleck004@umn.edu | www.cancer.umn.edu
> Campus Mail: MMC 806
>
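The check Leif describes in the last reply, as an added example that is not part of the original thread: a small Python linter that reports :443 VirtualHost blocks lacking their own SSLEngine, SSLCertificateFile and SSLCertificateKeyFile lines, and IP:port pairs that carry more than one SSL-enabled block. The sample config and the function names parse_vhosts and lint are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample modelled on the configs quoted in the thread (not a real server config).
SAMPLE_CONF = r'''
<VirtualHost 160.94.109.179:80>
ServerName www.tturc.umn.edu
</VirtualHost>
<VirtualHost 160.94.109.179:443>
ServerName www.cancer.umn.edu
DocumentRoot "/var/www/html/cc-secure"
</VirtualHost>
<VirtualHost 160.94.109.179:443>
ServerName www.xxx.com:443
SSLEngine on
SSLCertificateFile /path/to/ssl/www.xxx.com.crt
SSLCertificateKeyFile /path/to/ssl/www.xxx.com.key
</VirtualHost>
'''

REQUIRED = ("sslengine", "sslcertificatefile", "sslcertificatekeyfile")

def parse_vhosts(conf):
    """Return [(address, {lowercased directive: argument string})] per <VirtualHost> block."""
    vhosts = []
    for addr, body in re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I):
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            # Skip blank lines, comments and nested section tags such as <Files> or <Directory>.
            if parts and not parts[0].startswith(("#", "<")):
                directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
        vhosts.append((addr.strip(), directives))
    return vhosts

def lint(conf):
    """Flag :443 blocks lacking their own SSL directives, and IP:port pairs with >1 SSL block."""
    findings, ssl_blocks = [], defaultdict(list)
    for addr, d in parse_vhosts(conf):
        name = d.get("servername", "(no ServerName)")
        missing = [r for r in REQUIRED if r not in d]
        if d.get("sslengine", "").lower() == "on":
            ssl_blocks[addr].append(name)
        if addr.endswith(":443") and missing:
            findings.append(f"{addr} {name}: missing {', '.join(missing)}")
    for addr, names in ssl_blocks.items():
        if len(names) > 1:
            findings.append(f"{addr}: {len(names)} SSL-enabled vhosts share this address: {names}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)) or "no findings")
```

The per-block check assumes, as the reply does, that each SSL virtual host carries its own copies of these directives rather than relying on settings made elsewhere.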