Hi Owen
Thanks for the reply
Owen Boyle wrote:
>
> Jason Paul McCartan wrote:
> > Recently though the server was used to add other name-based virtual domains.
> > Now the SSL through HTTPS is totally unavailable, and when we tried to view
> > anything over HTTPS we get a blank "Page Not Found" page. We have no problem
> > on port 80 for any of the sites. Initially we could hit the same site on
> > HTTP and HTTPS and the SSL would activate. Now on HTTP it works fine, but we
> > get that "Page Not Found" error on HTTPS.
>
> One big trap that a lot of people fall into is that you *cannot* have
> SSL name-based virtual hosts. This is basically because SSL negotiation
> has to be complete before any HTTP traffic can be received - to
> negotiate SSL you need the certificate, which is defined in the VH,
> which is selected using the ServerName, which can only be found from
> HTTP, which can't take place until SSL is established... see the
> problem?
Yup. That's what I was afraid would be the case.
> That aside, you don't actually say you are trying to run SSL VHs so you
> may have a simpler solution - define the port numbers explicitly in the
> NameVirtualHost and VirtualHost directives to avoid ambiguities, e.g:
>
> NameVirtualHost 192.168.1.1:80
>
> # HTTP host1
> <VirtualHost 192.168.1.1:80>
> Servername www.site1.com
> </VirtualHost>
>
> # HTTP host2
> <VirtualHost 192.168.1.1:80>
> Servername www.site2.com
> </VirtualHost>
>
> # SSL host
> <VirtualHost 192.168.1.1:443>
> Servername ssl.site1.com
> </VirtualHost>
We had this working before about 4 months ago before we added a
different domain through the virtual servers. Until then all the virtual
servers belonged to the same name, and we had several on port 80 and
only one on port 443 - pretty much as you defined above.
We're not using SSL based virtual hosts. We only require one SSL enabled
site - https://secure.mydomain.com for example. All the other virtual
servers run on port 80.
> Did you get a warning message when starting the server? Check in the
> common_error_log...
No errors at all. The SSL is up and running as far as we can see. There
are no error messages when we telnet into it as well - it closes the
connection which is what we're aware of what it's supposed to do. We
initially got a "cannot mix * ports and non-* ports" error message when
we changed some of the settings, but we nominated all the ports on the
virtual servers to be port 80 or 443.
At this point I'm thinking that it's best for us to used another IP
address, and move the SSL service onto that, and leave all the name
based virtual hosting on the other IP address. Will this do the trick ?
I appreciate the helpfulness of your response.
--
Jason Paul McCartan - [EMAIL PROTECTED]
CEO/President
MindShift Design LLC
http://www.mindshiftdesign.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
