httpd-users mailing list archives

From: "Leif W" <warp-...@usa.net>
Subject: Re: [users@httpd] Apache 2 VirtualHost and SSL
Date: Wed, 08 Oct 2003 21:16:12 GMT

I think that the SSL enabled VirtualHost section needs those basic things
included from ssl.conf.  The ssl.conf is setting things in a different
context than the specific VirtualHost context.  I've had success by just
copying all the basic uncommented things from ssl.conf into each of my SSL
enabled VirtualHost sections.  Note that you can only have one SSL enabled
VirtualHost per IP:port pair.

Leif

DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.xxx.com:443
ServerAdmin you@your.address
ErrorLog /path/to/logs/error_log
TransferLog /path/to/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /path/to/ssl/www.xxx.com.crt
SSLCertificateKeyFile /path/to/ssl/www.xxx.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



----- Original Message ----- 
From: "Peter Fleck" <fleck004@umn.edu>
To: <users@httpd.apache.org>
Sent: Wednesday, October 08, 2003 5:01 PM
Subject: [users@httpd] Apache 2 VirtualHost and SSL


> Greetings,
>
> I'm using name-based virtual hosting. I want to have three sites, one
> using SSL.
>
> Running Apache 2 on Redhat Linux 9.
>
> SSL is running, at least that's what cURL and the openSSL test say.
> And I get an error whenever I try to go to the SSL page. The error in
> the ssl_error log is:
>
> [warn] RSA server certificate is a CA certificate (BasicConstraints:
> CA == TRUE !?)
>
> So maybe that's the problem? I generated my own certificate and key
> for testing purposes.
>
> Some highlights from my .conf files:
>
> Listen 80
> Listen 443
>
> Include conf.d/ssl.conf
>
> ServerName www.cancer.umn.edu:80
> DocumentRoot "/var/www/html"
>
> NameVirtualHost 160.94.109.179:80
>
> <VirtualHost 160.94.109.179:80>
>      ServerName www.cancer.umn.edu
>      DocumentRoot /var/www/html/cc
> ...
> </VirtualHost>
>
> <VirtualHost 160.94.109.179:80>
>      ServerName www.tturc.umn.edu
>      DocumentRoot /var/www/html/tturc
> ...
> </VirtualHost>
>
> # THE ssl.conf file (Include above) is pretty much default except
> # I commented out the 'Listen 443' since I added that above
> # VirtualHost directive is:
>
> <VirtualHost 160.94.109.179:443>
>     DocumentRoot "/var/www/html/cc-secure"
>     ServerName www.cancer.umn.edu
> ...
> </VirtualHost>
>
>
> ### END
>
> When I try to connect, the browser gives "Connection refused..." and
> the error I listed above appears in the ssl_error log. But when I use
> curl (curl https://www.cancer.umn.edu), I get the page in the ssl
> directory returned to the terminal window.
>
> I'm hoping I'm missing something obvious to the experienced apache
> users here. I've scoured the docs with no luck.
>
> Thanks.
> -- 
> Peter Fleck
> Webmaster | University of Minnesota Cancer Center
> Dinnaken Office Bldg.
> 925 Delaware St. SE
> Minneapolis, MN  55414
> 612-625-8668 | fleck004@umn.edu | www.cancer.umn.edu
> Campus Mail: MMC 806
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
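
Added example, not from the thread or the Apache project: a small check for the two points in the reply above, that each SSL-enabled VirtualHost carries its own SSLEngine and certificate directives and that no IP:port pair hosts more than one SSL VirtualHost. The 192.0.2.10 address, the example.org names and the function names are constructed for illustration; the parser reads only `<VirtualHost>` blocks and does not model settings inherited from the server level.

```python
CERT_DIRECTIVES = ("SSLCertificateFile", "SSLCertificateKeyFile")

def parse_vhosts(conf_text):
    """Return [(address, {lowercased directive: argument})], one per <VirtualHost>."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("<virtualhost"):
            current = (line[len("<VirtualHost"):].strip(" \t>"), {})
        elif line.lower().startswith("</virtualhost") and current:
            vhosts.append(current)
            current = None
        elif current and line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            current[1][name.lower()] = rest[0] if rest else ""
    return vhosts

def audit(conf_text):
    """Flag SSL vhosts lacking their own SSL directives, and IP:port pairs they share."""
    findings, ssl_by_addr = [], {}
    for addr, d in parse_vhosts(conf_text):
        engine_on = d.get("sslengine", "").lower() == "on"
        if not (engine_on or addr.endswith(":443")):
            continue  # plain HTTP vhost, nothing to check
        name = d.get("servername", "(no ServerName)")
        ssl_by_addr.setdefault(addr, []).append(name)
        missing = [] if engine_on else ["SSLEngine on"]
        missing += [c for c in CERT_DIRECTIVES if c.lower() not in d]
        if missing:
            findings.append(f"{name} [{addr}]: missing {', '.join(missing)}")
    for addr, names in ssl_by_addr.items():
        if len(names) > 1:
            findings.append(f"{addr}: shared by SSL vhosts {', '.join(names)}")
    return findings

# Constructed sample (not from the thread): two SSL vhosts on one IP:port,
# the first with no SSL directives of its own, the second missing its key file.
SAMPLE = """
<VirtualHost 192.0.2.10:443>
    ServerName www.example.org
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.org
    SSLEngine on
    SSLCertificateFile /path/to/ssl/shop.example.org.crt
</VirtualHost>
"""
print("\n".join(audit(SAMPLE)))
```

On httpd builds with TLS Server Name Indication (SNI) support, several SSL vhosts can share one IP:port, so treat the shared-address finding as informational there.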


