Alvaro Lopez Ortega escribió: > Armando Camarero wrote, On 01/01/07 21:23: > > > I suppose that it's trying to enable SSL in "default" virtual > > server. How do I tell Cherokee to use that certificate only in one > > virtual server? > > You only have to add the appropriate entries to the virtual host > configuration: SSLCertificateFile, SSLCertificateKeyFile or > SSLCAListFile. > > By the way, double check that you added it inside the "Server" > entry. It should be something like this: > > Server host2.com, www.host2.com { > # Basic stuff > # (..) > > # HTTPS > SSLCertificateFile /path/file > # (..) > } > I finally made this "work" using a CA Cert certificate. The point is:
SSLCertificateFile must point to a file containing just the certificate (the file with "BEGIN CERTIFICATE") SSLCertificateKeyFile must point to a file containing just the private key ("BEGIN RSA PRIVATE KEY") SSLCAListFile must point to the root certificate. In my case, the root certificate of CA Cert. I said "work" because cherokee prints some errors to console when serving pages using SSL. (Mozilla Firefox reports an error too): Cherokee Web Server 0.5.6: Listening on ports 80 and 443 with TLS support via OpenSSL, IPv6 disable, using epoll, 16384 fds limit 5 threads, 3276 fds in each, standard scheduling policy socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac socket.c:698: ERROR: SSL_write (22, ..) -> err=-1 'error:00000005:lib(0):func(0):DH lib' socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac socket.c:423: ERROR: Init OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac Every error means that something doesn't get transferred (an image, the css file...). It's unusable because pages doesn't load completely, as I said, missing images or missing CSS. You can test what I mean in www.alumnosescet.es; Firefox tells the user when a SSL error happened (IE just doesn't display the missing element). Apart from that, it seems that the SSL certificate you use in the default virtual server gets used on all the virtual servers. Tell me if you need more information on this issue or if I'm doing something wrong. Thanks in advance, Armando. _______________________________________________ Cherokee mailing list Cherokee@cherokee-project.com http://cherokee-project.com/cgi-bin/mailman/listinfo/cherokee