Re: mod_sll virtual hosts
Try something like this using IP based virtual hosts: Each one of your virtual hosts can have different SSL key material it points to. # This section only goes in the conf file once - Port 80 ServerName domain.com NameVirtualHost x.x.x.x #- Domain.com - VirtualHost x.x.x.x ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/ ServerName domain.com ServerAlias domain.com www.domain.com LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ combined CustomLog logs/domain.com_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ /VirtualHost VirtualHost x.x.x.x:443 ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/httpd/html/ ServerName domain.com #name on certificate SSLEngine on SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SSLLog logs/ssl_engine_log SSLLogLevel warn LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ combined CustomLog logs/domain.com_log combined ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ /VirtualHost Repeat the domain.com section for the other domains you need. -Ron On 16 Aug 2002 19:17 CDT you wrote: When I try to load apache, I get the error: [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost :80 has no VirtualHosts [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost yy:80 has no VirtualHosts [Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost xxx:80 has no VirtualHosts /usr/local/apache/bin/apachectl startssl: httpd could not be started contrary to what it says, http runs, but without ssl and I have virtualhosts for each namevirtualhost. How should I make my virtual hosts work with mod_sll? Can someone please provide a example? -- Iuri Fiedoruk Santa Maria, RS, Brazil GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F E01B 9434 AA7D 032B 240F __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Is OpenSSL + ModSSL 128 bit encryption capable?
Good Day, My web server softwares are: - OpenSSL 0.96g - mod_ssl 2.8.10 - Apache 1.26 My ISP told me this combination could only support 40-bit cipher strength. However, on mod_ssl official page, I did see: 128-bit strong cryptography world-wide In order to clarify this, would experienced modssl users confirm it for me that I could 1. Buy 128-bit certificate from CA 2. Install the CA on my server with the above configuration 3. Browser with 128-bit cipher strength may communicate with my server using 128-bit encryption. Thanks :-) Yours truly, Jindo __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_sll virtual hosts
On Sat, 17 Aug 2002, Ron Ridley wrote: Try something like this using IP based virtual hosts: Each one of your virtual hosts can have different SSL key material it points to. # This section only goes in the conf file once - Port 80 ServerName domain.com NameVirtualHost x.x.x.x #- Domain.com - VirtualHost x.x.x.x:443 Um, if I'm following this discussion correctly, I believe this advice is mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based vhost would in reality get the certificate of the first one listed in the config file. Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 . --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_sll virtual hosts
Em Sab 17 Ago 2002 11:21, Cliff Woolley escreveu: On Sat, 17 Aug 2002, Ron Ridley wrote: Try something like this using IP based virtual hosts: Each one of your virtual hosts can have different SSL key material it points to. # This section only goes in the conf file once - Port 80 ServerName domain.com NameVirtualHost x.x.x.x #- Domain.com - VirtualHost x.x.x.x:443 Um, if I'm following this discussion correctly, I believe this advice is mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based vhost would in reality get the certificate of the first one listed in the config file. Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 . Hum, but in case all the virtualhosts are related (as in my case) this would not matter much. But in case not, this would be a really problem. Thanks for your advice. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Iuri Fiedoruk Santa Maria, RS, Brazil GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F E01B 9434 AA7D 032B 240F __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_sll virtual hosts
My mistake. I have an entry NameVirtualHost but it is in the form of NameVirtualHost ip.address.of.host probably left over from some testing. It works for me (as is) which is why I left it in the example. My apologies. -Ron On 17 Aug 2002 14:31 CDT you wrote: Em Sab 17 Ago 2002 11:21, Cliff Woolley escreveu: On Sat, 17 Aug 2002, Ron Ridley wrote: Try something like this using IP based virtual hosts: Each one of your virtual hosts can have different SSL key material it points to. # This section only goes in the conf file once - Port 80 ServerName domain.com NameVirtualHost x.x.x.x #- Domain.com - VirtualHost x.x.x.x:443 Um, if I'm following this discussion correctly, I believe this advice is mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based vhost would in reality get the certificate of the first one listed in the config file. Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 . Hum, but in case all the virtualhosts are related (as in my case) this would not matter much. But in case not, this would be a really problem. Thanks for your advice. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Is OpenSSL + ModSSL 128 bit encryption capable?
Yes, it works. On Saturday 17 August 2002 06:07, Jindo wrote: Good Day, My web server softwares are: - OpenSSL 0.96g - mod_ssl 2.8.10 - Apache 1.26 My ISP told me this combination could only support 40-bit cipher strength. However, on mod_ssl official page, I did see: 128-bit strong cryptography world-wide In order to clarify this, would experienced modssl users confirm it for me that I could 1. Buy 128-bit certificate from CA 2. Install the CA on my server with the above configuration 3. Browser with 128-bit cipher strength may communicate with my server using 128-bit encryption. Thanks :-) Yours truly, Jindo __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- --- Take care, Randy Katz __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]