Re: mod_sll virtual hosts
Try something like this using IP based virtual hosts:
Each one of your virtual hosts can have different SSL key material it points to.
# This section only goes in the conf file once -
Port 80
ServerName domain.com
NameVirtualHost x.x.x.x
#- Domain.com -
VirtualHost x.x.x.x
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/httpd/html/
ServerName domain.com
ServerAlias domain.com www.domain.com
LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ combined
CustomLog logs/domain.com_log combined
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
/VirtualHost
VirtualHost x.x.x.x:443
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/httpd/html/
ServerName domain.com #name on certificate
SSLEngine on
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLLog logs/ssl_engine_log
SSLLogLevel warn
LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ combined
CustomLog logs/domain.com_log combined
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
/VirtualHost
Repeat the domain.com section for the other domains you need.
-Ron
On 16 Aug 2002 19:17 CDT you wrote:
When I try to load apache, I get the error:
[Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost :80 has no
VirtualHosts
[Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost yy:80 has no
VirtualHosts
[Fri Aug 16 15:11:41 2002] [warn] NameVirtualHost xxx:80 has no
VirtualHosts
/usr/local/apache/bin/apachectl startssl: httpd could not be started
contrary to what it says, http runs, but without ssl and I have virtualhosts
for each namevirtualhost.
How should I make my virtual hosts work with mod_sll? Can someone please
provide a example?
--
Iuri Fiedoruk
Santa Maria, RS, Brazil
GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F E01B 9434 AA7D 032B 240F
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Is OpenSSL + ModSSL 128 bit encryption capable?
Good Day, My web server softwares are: - OpenSSL 0.96g - mod_ssl 2.8.10 - Apache 1.26 My ISP told me this combination could only support 40-bit cipher strength. However, on mod_ssl official page, I did see: 128-bit strong cryptography world-wide In order to clarify this, would experienced modssl users confirm it for me that I could 1. Buy 128-bit certificate from CA 2. Install the CA on my server with the above configuration 3. Browser with 128-bit cipher strength may communicate with my server using 128-bit encryption. Thanks :-) Yours truly, Jindo __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_sll virtual hosts
On Sat, 17 Aug 2002, Ron Ridley wrote: Try something like this using IP based virtual hosts: Each one of your virtual hosts can have different SSL key material it points to. # This section only goes in the conf file once - Port 80 ServerName domain.com NameVirtualHost x.x.x.x #- Domain.com - VirtualHost x.x.x.x:443 Um, if I'm following this discussion correctly, I believe this advice is mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based vhost would in reality get the certificate of the first one listed in the config file. Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 . --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_sll virtual hosts
Em Sab 17 Ago 2002 11:21, Cliff Woolley escreveu: On Sat, 17 Aug 2002, Ron Ridley wrote: Try something like this using IP based virtual hosts: Each one of your virtual hosts can have different SSL key material it points to. # This section only goes in the conf file once - Port 80 ServerName domain.com NameVirtualHost x.x.x.x #- Domain.com - VirtualHost x.x.x.x:443 Um, if I'm following this discussion correctly, I believe this advice is mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based vhost would in reality get the certificate of the first one listed in the config file. Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 . Hum, but in case all the virtualhosts are related (as in my case) this would not matter much. But in case not, this would be a really problem. Thanks for your advice. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Iuri Fiedoruk Santa Maria, RS, Brazil GnuPG Key fingerprint = 9D5F 7FA6 EF2C 6A5E 914F E01B 9434 AA7D 032B 240F __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_sll virtual hosts
My mistake. I have an entry NameVirtualHost but it is in the form of NameVirtualHost ip.address.of.host probably left over from some testing. It works for me (as is) which is why I left it in the example. My apologies. -Ron On 17 Aug 2002 14:31 CDT you wrote: Em Sab 17 Ago 2002 11:21, Cliff Woolley escreveu: On Sat, 17 Aug 2002, Ron Ridley wrote: Try something like this using IP based virtual hosts: Each one of your virtual hosts can have different SSL key material it points to. # This section only goes in the conf file once - Port 80 ServerName domain.com NameVirtualHost x.x.x.x #- Domain.com - VirtualHost x.x.x.x:443 Um, if I'm following this discussion correctly, I believe this advice is mistaken. NameVirtualHost's can *NOT* be used with SSL. Every name-based vhost would in reality get the certificate of the first one listed in the config file. Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ToC47 . Hum, but in case all the virtualhosts are related (as in my case) this would not matter much. But in case not, this would be a really problem. Thanks for your advice. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Is OpenSSL + ModSSL 128 bit encryption capable?
Yes, it works. On Saturday 17 August 2002 06:07, Jindo wrote: Good Day, My web server softwares are: - OpenSSL 0.96g - mod_ssl 2.8.10 - Apache 1.26 My ISP told me this combination could only support 40-bit cipher strength. However, on mod_ssl official page, I did see: 128-bit strong cryptography world-wide In order to clarify this, would experienced modssl users confirm it for me that I could 1. Buy 128-bit certificate from CA 2. Install the CA on my server with the above configuration 3. Browser with 128-bit cipher strength may communicate with my server using 128-bit encryption. Thanks :-) Yours truly, Jindo __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- --- Take care, Randy Katz __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
