You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bill Angus <md...@psychtest.com> on 2006/05/02 15:24:40 UTC
[users@httpd] Question about setting up secure service
Dear All: sorry for the length of this -- I am an SSL newbie and need a bit of install advice.
We have a windows environment, and have installed Apache2.0.55 with SSL support plus openSSL. We have one dedicated IP address which is currently shared by two name-based virtual hosts. I want to set up a secure subdirectory of one of these domains, in which I can place my e-commerce web-store (and later, possibly some online services). My router is assigned to forward the incoming port 80 and port 443 to the box with IP 192.168.1.2 which has apache on it.
I bought a certificate from a CA and attempted to set up the SSL.conf to give me another virtual server -- but so far no joy. I can't seem to get port 443 virtual service https://www.psychtest.com to work alongside port 80 service http://www.psychtest.com
The instructions from the CA I dealt with were brief, and upon following them, the setup didn't work. A call to their customer support indicates that the CA lets me secure a specific subdomain, BUT they also want a unique dedicated internet ip address before letting me secure a "subdomain" with one of their certs.
Is there a different CA or some way I can to secure a subdirectory or subdomain without getting another dedicated IP address? Can anybody tell me what is the best way to set up for us?
below is my ssl.conf
------------------------------------------------
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
<VirtualHost 192.168.1.2:443>
#<VirtualHost *:443> (doesn't work)
#<VirtualHost _default_:443>
DocumentRoot "C:/Homepage/secure"
<Directory "C:/Homepage/secure">
SSLRequireSSL
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# 3 fiels sent to me from the CA
SSLCertificateFile C:/Homepage/Certs/www.psychtest.com.crt
SSLCertificateKeyFile C:/Homepage/Certs/MyCertifcate.key
SSLCertificateChainFile C:/Homepage/Certs/sf_issuing.crt
SSLVerifyDepth 5
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:\Program Files\Apache Group\Apache2\cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
[users@httpd] Re: Question about setting up secure service
Posted by Joost de Heer <sa...@xs4all.nl>.
> I bought a certificate from a CA and attempted to set up the SSL.conf to
> give me another virtual server -- but so far no joy. I can't seem to get
> port 443 virtual service https://www.psychtest.com to work alongside port
> 80 service http://www.psychtest.com
[snip]
> below is my ssl.conf
Do you actually include this in your httpd.conf? Make e.g. a deliberate
typo in a directive in this file, and see if it bugs out on configtest.
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org