Alvaro Lopez Ortega wrote:
> Armando Camarero wrote, On 01/01/07 21:23:
>
> > I suppose that it's trying to enable SSL in "default" virtual
> > server. How do I tell Cherokee to use that certificate only in one
> > virtual server?
>
>   You only have to add the appropriate entries to the virtual host
>   configuration: SSLCertificateFile, SSLCertificateKeyFile or
>   SSLCAListFile.
>
>   By the way, double check that you added it inside the "Server"
>   entry. It should be something like this:
>
>   Server host2.com, www.host2.com {
>      # Basic stuff
>      # (..)
>
>      # HTTPS
>      SSLCertificateFile /path/file
>      # (..)
>   }
>
I finally made this "work" using a CA Cert certificate. The point is:

SSLCertificateFile must point to a file containing just the certificate
(the file with "BEGIN CERTIFICATE")
SSLCertificateKeyFile must point to a file containing just the private
key ("BEGIN RSA PRIVATE KEY")
SSLCAListFile must point to the root certificate. In my case, the root
certificate of CA Cert.

I said "work" because Cherokee prints some errors to console when
serving pages using SSL. (Mozilla Firefox reports an error too):

Cherokee Web Server 0.5.6: Listening on ports 80 and 443
 with TLS support via OpenSSL, IPv6 disable, using epoll, 16384 fds limit
 5 threads, 3276 fds in each, standard scheduling policy
socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac
socket.c:698: ERROR: SSL_write (22, ..) -> err=-1
'error:00000005:lib(0):func(0):DH lib'
socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac
socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac
socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac

Every error means that something doesn't get transferred (an image, the
css file...). It's unusable because pages don't load completely, as I
said, missing images or missing CSS. You can test what I mean in
www.alumnosescet.es; Firefox tells the user when an SSL error happened
(IE just doesn't display the missing element).

Apart from that, it seems that the SSL certificate you use in the
default virtual server gets used on all the virtual servers.

Tell me if you need more information on this issue or if I'm doing
something wrong.

Thanks in advance,
Armando.
_______________________________________________
Cherokee mailing list
Cherokee@cherokee-project.com
http://cherokee-project.com/cgi-bin/mailman/listinfo/cherokee
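
The file layout described in the message above (certificate only, RSA private key only, root certificate for the CA list), as a pre-deployment check. This is an added example, not part of the original message and not Cherokee code; `check_pem`, the `pem` helper and the sample PEM bodies are constructed for illustration.

```python
import re

# Layout described in the message: one PEM block type per directive.
EXPECTED = {
    "SSLCertificateFile": "CERTIFICATE",
    "SSLCertificateKeyFile": "RSA PRIVATE KEY",
    "SSLCAListFile": "CERTIFICATE",
}
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def check_pem(directive, text):
    """Return a list of problems with the PEM text assigned to a directive."""
    want = EXPECTED[directive]
    labels = BLOCK.findall(text)          # labels of complete blocks, in order
    problems = []
    if text.count("-----BEGIN ") != len(labels):
        problems.append("truncated or malformed PEM block")
    if want not in labels:
        problems.append(f"missing {want} block")
    for label in labels:
        if label != want:
            # e.g. a private key left inside the certificate file
            problems.append(f"unexpected {label} block")
    # A CA list may hold several certificates; the other two hold one block.
    if directive != "SSLCAListFile" and labels.count(want) > 1:
        problems.append(f"more than one {want} block")
    return problems

def pem(label, body="Q09OU1RSVUNURUQ="):
    """Build a constructed PEM block; the body is a placeholder, not key material."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample inputs.
CERT = pem("CERTIFICATE")
KEY = pem("RSA PRIVATE KEY")
COMBINED = KEY + CERT                     # key and certificate in one file

if __name__ == "__main__":
    cases = [("SSLCertificateFile", CERT), ("SSLCertificateFile", COMBINED),
             ("SSLCertificateKeyFile", CERT), ("SSLCAListFile", CERT + CERT)]
    for directive, text in cases:
        print(directive, check_pem(directive, text) or "ok")
```

To check real files, pass the result of `open(path).read()` for each path named in the virtual server's configuration.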