Attacus,

On 6/16/2009 4:04 PM, attacus wrote:
> NameVirtualHost *:443

This ain't gonna work: SSL negotiation occurs /before/ the HTTP headers
are sent, meaning that the VirtualHost has already been chosen before
the "Server" header can be inspected. This will probably work with a
single VirtualHost on port 443, but it's not going to work if you add
others. Apache httpd will probably just choose the first one defined or
something.

> <VirtualHost *:443>
>         ServerName *:443

This is not correct, either. If you're using name-based VirtualHosts,
you need to bind a name to the VirtualHost: something like
"www.myserver.com". Again, see the note above about NameVirtualHost not
working for HTTPS.

>         ErrorLog "C:/tools/Apache2.2/logs/secure-channel-error.log" 

This would be a good place to look for startup errors or warnings.

>         JkMountFile conf/uriworkermap.properties

Is this the same JkMountFile you use for your (working) non-SSL VirtualHost?

>         SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Note that this is an overly-complicated Ciphers line... you're using ALL
and then customizing it by adding other ciphers. It's the equivalent of:

SSLCipherSuite ALL:-ADH
or even
SSLCipherSuite ALL:!ADH

-chris
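
The cipher-string operators discussed above, as an added example that is not part of the original message: a simplified Python model of the rules documented in OpenSSL's ciphers(1), run over a small constructed suite table with simplified tags. The function names and the table are assumptions made for illustration; real OpenSSL lists and orderings differ.

```python
# Simplified model of OpenSSL cipher-string evaluation (rules from ciphers(1)).
# SUITES is a constructed sample with simplified tags, not a real OpenSSL list.
SUITES = {
    "AES256-SHA":     {"ALL", "RSA", "HIGH"},
    "RC4-SHA":        {"ALL", "RSA", "RC4", "MEDIUM"},
    "DES-CBC-SHA":    {"ALL", "RSA", "LOW"},
    "EXP-RC4-MD5":    {"ALL", "RSA", "RC4", "EXP"},
    "DES-CBC-MD5":    {"ALL", "RSA", "LOW", "SSLv2"},
    "ADH-AES256-SHA": {"ALL", "ADH", "HIGH"},
    "NULL-SHA":       {"RSA", "eNULL"},  # eNULL suites are not part of ALL
}
ORIGINAL = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"


def evaluate(cipher_string):
    """Return the ordered suite list a cipher string selects in this model."""
    order, banned = [], set()
    for rule in cipher_string.split(":"):
        op = rule[:1] if rule[:1] in ("!", "-", "+") else ""
        tags = set(rule[len(op):].split("+"))  # "A+B" means A and B
        hits = [n for n, t in SUITES.items() if tags <= t and n not in banned]
        if op == "!":      # delete permanently, can never be re-added
            banned.update(hits)
            order = [n for n in order if n not in hits]
        elif op == "-":    # delete, but a later rule may add it back
            order = [n for n in order if n not in hits]
        elif op == "+":    # move suites already present to the end, add none
            moved = [n for n in order if n in hits]
            order = [n for n in order if n not in hits] + moved
        else:              # append matching suites that are not yet present
            order += [n for n in hits if n not in order]
    return order


def weak(order):
    """Suites in the result that are tagged LOW, EXP or SSLv2."""
    return [n for n in order if SUITES[n] & {"LOW", "EXP", "SSLv2"}]


if __name__ == "__main__":
    for s in (ORIGINAL, "ALL:!ADH", "ALL:-ADH"):
        print(s, "->", evaluate(s), "weak:", weak(evaluate(s)))
    # "-" and "!" differ only when a later rule names the suites again
    print(evaluate("ALL:-ADH:ADH"), evaluate("ALL:!ADH:ADH"))
```

In this model all three strings select the same set of suites, in a different preference order for the long form, and that set still includes the LOW, EXP and SSLv2 entries.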