On Mon, Dec 07, 1998, Paul Wolstenholme wrote:

> I have just upgraded mod_ssl from 2.0 to 2.1.1.  I can no longer connect
> to the server.  I get the trusty old:
> 
> A network error occured:  unable to connect to server....
> 
> I think I know what the problem is but would appreciate a confirmation.
> In my httpd.conf file I have been using name based virtual hosting.  If I
> understand mod_ssl I cannot use this method but must replace it with IP
> aliases and remove the NameVirtualHost line.  Is this correct?
> 
> NameVirtualHost 192.75.244.134:80 
> 
> <VirtualHost 192.75.244.134:80>
>    DocumentRoot /usr/local/www/data
>    ServerName oscar.cprost.sfu.ca
>    ErrorLog /var/log/httpd-error-oscar.log
>    CustomLog /var/log/httpd-access-oscar.log combined
>    SSLDisable 
> </VirtualHost>
> 
> <VirtualHost 192.75.244.134:443>
>    DocumentRoot /usr/local/www/data
>    ServerName oscar.cprost.sfu.ca
>    SSLEngine on
>    SSLOptions +CompatEnvVars
>    SSLEnable
>    #SSLRequire
>    SSLCertificateFile /usr/local/etc/apache/ssl.crt/mycrt.crt
>    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/mykey.key
>    SSLVerifyClient none
>    SSLLogFile /var/log/httpd-ssl.log
>    CustomLog /var/log/httpd-access-oscarSSL.log "%t %h %{version}c %{cipher}c % 
>    ErrorLog /var/log/httpd-error-oscarSSL.log
> </VirtualHost>

A few facts:

1. The "SSLDisable" is not needed for mod_ssl 2.1. First
   there is no such directive (it's on-the-fly mapped to the existing
   "SSLEngine off"). Second the default for mod_ssl 2.1 _IS_ already off. So
   you only have to enable it where you want it instead of disabling
   everywhere you don't want it.  The same applies to "SSLEnable", it's an old
   directive which doesn't really exist. It gets mapped to "SSLEngine on",
   and because you already have a "SSLEngine on", you can also remove the
   "SSLEnable", of course.

2. As long as you only have the above vhosts for the IP
   192.75.244.134 it will work, of course. The problem with name-based virtual
   hosting plays a role only when you have more than one server with the _same_
   IP _AND_ port. In your case the two vhosts are different: they use a
   different port.

3. Your "cannot connect" problem can have different reasons.
   First I suggest you check your Listen directives. They have to match the
   vhost sections. Second I advise you to look inside the Apache logfiles.
   Perhaps you get a connection but SSL is just not enabled (don't trust a
   "cannot connect" message, it can mean a lot of things).

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
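
The two configuration checks raised in the reply (Listen directives matching the vhost sections, and more than one SSL vhost on the same IP and port) can be automated. The following is an added example, not part of the original thread or of mod_ssl; the `audit` function, the sample `Listen 80` line and the second `:443` vhost are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the configuration quoted in the thread; the
# Listen line and the second :443 vhost are assumptions added for the demo.
SAMPLE_CONF = """\
Listen 80
<VirtualHost 192.75.244.134:80>
   ServerName oscar.cprost.sfu.ca
</VirtualHost>
<VirtualHost 192.75.244.134:443>
   ServerName oscar.cprost.sfu.ca
   SSLEngine on
</VirtualHost>
<VirtualHost 192.75.244.134:443>
   ServerName other.example.org
   SSLEnable
</VirtualHost>
"""

def audit(conf):
    """Return sorted (kind, "addr:port") findings for an httpd.conf text."""
    listen, vhosts, cur = set(), [], None
    for raw in conf.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        m = re.match(r"<VirtualHost\s+([^\s>]+)", raw.strip(), re.I)
        if m:
            # Only the first address of the section is examined.
            addr, sep, port = m.group(1).rpartition(":")
            cur = {"addr": addr if sep else port,
                   "port": port if sep else None, "ssl": False}
        elif key.startswith("</virtualhost") and cur:
            vhosts.append(cur)
            cur = None
        elif key == "listen" and len(words) > 1:
            listen.add(words[1].rpartition(":")[2])  # ports only, IP ignored
        elif cur and key in ("sslengine", "sslenable", "ssldisable"):
            # SSLEnable/SSLDisable are the old names for SSLEngine on/off.
            cur["ssl"] = key == "sslenable" or [w.lower() for w in words[1:2]] == ["on"]
    findings = set()
    for v in vhosts:
        if v["port"] and v["port"] not in listen:
            findings.add(("no-listen", f'{v["addr"]}:{v["port"]}'))
    shared = Counter((v["addr"], v["port"]) for v in vhosts if v["ssl"])
    findings |= {("shared-ssl", f"{a}:{p}") for (a, p), n in shared.items() if n > 1}
    return sorted(findings)
```

A `no-listen` finding means no `Listen` directive covers a vhost's port; `shared-ssl` means several SSL-enabled vhosts use the same IP and port.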
