It's IP and/or port based. But, do remember, if port based then one is serving only one cert, and the trouble is making sure the cert is constructed in a fashion such that hostnames are not contained within the CN and such. In this case, and others can correct me if I'm wrong here, you would need to generate the cert on the IP rather than FQDN. And I'm not sure openssl allows such a cert, but others might well be better clued than I on this <smile>.

Thanks,

Ron DuFresne

On Wed, 19 Feb 2003, Jack L. Stone wrote:

> Please excuse the top post:
>
> Ian or anyone, are you sure that a wildcard setup won't work....??? Just
> getting ready to do a fresh install involving vhosts and this will become
> an important issue.
>
> Thanks!
>
> At 10:02 AM 2.19.2003 -0700, Ian Moon wrote:
> >I believe that I read somewhere that you must have a different
> >ip address for each ssl virtualhost.
> >
> >Ian Moon
> >
> >On Wed, 19 Feb 2003, Boyle Owen wrote:
> >
> >> >-----Original Message-----
> >> >From: Steve Pirk [mailto:[EMAIL PROTECTED]]
> >> >Sent: Donnerstag, 6. Februar 2003 02:02
> >> >To: [EMAIL PROTECTED]
> >> >Subject: Multiple SSL VirtualHosts in apache
> >> >
> >> >
> >> >I checked the mail archives, but could not find a good
> >> >answer for this "problem" I am having.
> >> >
> >> >I am building out a dev environment using apache
> >> >on Solaris. The dev environment needs to run under
> >> >SSL (to simulate the production environment). I am
> >> >starting with 4 virtual servers. They all use the
> >> >same cert file, but are on different ports.
> >> >
> >> >The problem I am running into is that only the "first"
> >> >VirtualHost works. Requests to subsequent ports result
> >> >in a mod_ssl:error:HTTP-request error. Here is the error_log
> >> >entry:
> >> >
> >> >[Wed Feb 5 16:45:11 2003] [error] mod_ssl: SSL handshake failed: HTTP
> >> >spoken on HTTPS port; trying to send HTML error page (OpenSSL library
> >> >error follows)
> >>
> >> This looks like you typed http://server:7001/ into the browser. You
> >> still need to define https even if you have the port number, i.e.
> >> https://server:7001/.
> >>
> >> Can you confirm that if you do this, you still get an error?
> >>
> >> Rgds,
> >> Owen Boyle
> >>
> >>
> >> >[Wed Feb 5 16:45:11 2003] [error] OpenSSL: error:1407609C:SSL
> >> >routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking
> >> >HTTP to HTTPS
> >> >port!?]
> >> >
> >> >This is being used in conjunction with an auth package,
> >> >but the redirect after logging in is https://
> >> >
> >> >Does anyone know of a good way to have multiple
> >> >SSL virtual servers on one apache instance?
> >>
> >> The way you are doing it is fine. You just have a problem...
> >>
> >> >
> >> >Here is a sample of httpd.conf. In this case, port 7000
> >> >works, but 7001 and 7002 get the mod_ssl error.
> >> >
> >> > <VirtualHost 172.16.202.25:7000>
> >> >     DocumentRoot /some/doc/root
> >> >     SSLEngine on
> >> >     SSLCertificateFile /usr/local/apache/certs/my_cert.crt
> >> >     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost 172.16.202.25:7001>
> >> >     DocumentRoot /some/doc/root
> >> >     SSLEngine on
> >> >     SSLCertificateFile /usr/local/apache/certs/my_cert.crt
> >> >     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost 172.16.202.25:7002>
> >> >     DocumentRoot /some/doc/root
> >> >     SSLEngine on
> >> >     SSLCertificateFile /usr/local/apache/certs/my_cert.crt
> >> >     SSLCertificateKeyFile /usr/local/apache/certs/my_cert.key
> >> > </VirtualHost>
> >> >
> >> >--
> >> >Steve (egrep)
> >> >______________________________________________________________________
> >> >Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >> >User Support Mailing List [EMAIL PROTECTED]
> >> >Automated List Manager [EMAIL PROTECTED]
> >> >
> >>
> >> This message is for the named person's use only. It may contain
> >> confidential, proprietary or legally privileged information. No
> >> confidentiality or privilege is waived or lost by any mistransmission.
> >> If you receive this message in error, please notify the sender urgently
> >> and then immediately delete the message and any copies of it from your
> >> system. Please also immediately destroy any hardcopies of the message.
> >> You must not, directly or indirectly, use, disclose, distribute, print,
> >> or copy any part of this message if you are not the intended recipient.
> >> The sender's company reserves the right to monitor all e-mail
> >> communications through their networks. Any views expressed in this
> >> message are those of the individual sender, except where the message
> >> states otherwise and the sender is authorised to state them to be the
> >> views of the sender's company.
> >>
> >
>
> Best regards,
> Jack L. Stone,
> Administrator
>
> Sage American
> http://www.sage-american.com
> [EMAIL PROTECTED]
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
 -- Johnny Hart

testing, only testing, and damn good at it too!
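
The error_log entry quoted in this thread is logged when a request line arrives where the server expects an SSL/TLS hello. As an added example (not code from the thread, mod_ssl or OpenSSL), this Python code classifies the first bytes a client sends and applies that to the two URLs mentioned above; the function names, the sample bytes and the `SSL_PORTS` set (taken from the posted httpd.conf) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Ports of the "SSLEngine on" vhosts in the httpd.conf posted in the thread.
SSL_PORTS = {7000, 7001, 7002}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2', 'plain-http' or 'unknown' for a client's opening bytes."""
    if len(data) < 5:
        return "unknown"
    # SSLv3/TLS record: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake message type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and len(data) >= 6 and data[5] == 0x01:
        return "tls"
    # SSLv2-format hello: high bit set in the 2-byte length, then type 0x01.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2"
    # A cleartext HTTP request line starts with a method token and a space.
    if data.startswith(HTTP_METHODS):
        return "plain-http"
    return "unknown"


def first_bytes_for(url: str) -> bytes:
    """Constructed stand-in for what a browser sends first for this URL."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        # TLS 1.0 record header plus the ClientHello type byte; body zero-filled.
        return b"\x16\x03\x01\x00\x2f\x01" + b"\x00" * 8
    path = parts.path or "/"
    return f"GET {path} HTTP/1.0\r\nHost: {parts.hostname}\r\n\r\n".encode()


def diagnose(url: str) -> str:
    """Predict what an SSL-enabled vhost does with the first bytes for this URL."""
    port = urlsplit(url).port
    if port not in SSL_PORTS:
        return "not an SSL vhost port"
    kind = classify_first_bytes(first_bytes_for(url))
    if kind == "plain-http":
        return "handshake fails: HTTP spoken on HTTPS port"
    if kind in ("tls", "sslv2"):
        return "handshake can proceed"
    return "handshake fails: unrecognised hello"


if __name__ == "__main__":
    for u in ("http://server:7001/", "https://server:7001/"):
        print(u, "->", diagnose(u))
```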