----- Original Message -----
From: "Eric Paynter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 02, 2001 8:58 PM
Subject: Re: ServerName Problem (I think)

> On October 2, 2001 08:32 pm, Robert Mazur wrote:
> > I might have confused the issue. My goal is to have one ip address
> > listening for two http: sites and one https: site. I think I read that you
> > can host multiple sites using VH, but only one can be https: Did I
> > possibly misunderstand that?
>
> You did not misunderstand.
>
> > Basically....I have always hosted 3 sites with one ip address using VH.
> > Now one of them needs SSL for credit cards. I am pretty sure I can change
> > one to use SSL, and still have all three on the same ip address, no? It is
> > likely I have misled myself....please let me know if so!
>
> Yes, this will work because SSL listens on a different port. You can have as
> many virtual hosts as you want with your server listening on port 80 and only
> hostname listening on 443.
>
> > > > (servername.somedomain.com:443) RSA server certificate CommonName (CN)
> > > > `www.mydomain.com' does NOT match server name!?
> > > > This is true, but the server name does not have to be the domain name
> > > > of the site, does it?
>
> The CN must match the URL that the person types into the web browser. e.g.
> for my site, https://www.arcticbears.com/manage.cgi, the part
> "www.arcticbears.com" must exactly match the CN.
>
> > > > DETAIL:
> > > > After a LONG battle getting "apachectl startssl" to launch (including
> > > > it asking me for the password) without errors,
>
> There is info in the mod_ssl docs for how to automate this so that the pw is
> automatically entered.
>
> > > > I can not get a secured page to come up. Instead I get a Page Not
> > > > Found, and "DNS server not found" error
> > > > in the browser. No errors on the server.
>
> Are you using IE? This sounds like a typical M$ style un-informative error.
> Is your server listening on port 443? Can you port-scan it? Or give us the
> public IP so we can try?
>
> > > > To make my httpd.conf, I took the resulting "httpd.conf.original" and
> > > > modified it for my virtual hosting and such. Basically, I copied the
>
> Do you have a conf/vhosts/Vhosts.conf file? Or a
> conf/ssl/ssl.default-vhost.conf file? That's what we use... btw, what is your
> version of apache and mod_ssl?
>
> > > > p.s. I should be able to just call a secured page like this, right?:
> > > > https://www.mydomain.com/welcome.html
>
> Yes, that should work.
>
> -Eric

____________________

Wow, first off, thanks for everyone's response. Your help for this "rookie" is well appreciated!

OK, I think I almost have it. I am going to lay the gory details on the table here.....

Server: Apache 1.3.12 on a RH6.2 box (the box does its own dns for the hosted domains too).
mod_ssl version: 2.6.6-1.3.12
openssl version: 0.9.6b
ip address of server: 63.229.30.179
CN in my certificate is: www.cascadewreaths.com

I am hosting essentially three domains (one SSL, and the other 2 straight port 80)

www.cascadewreaths.com (needs SSL)
www.sherwoodforestfarms.com (just http: stuff)
www.greenmountainwreaths (just http: stuff)

My ServerName in the httpd.conf...like way towards the top of the file (not the VH section) is 63.229.30.179

My NameVirtualHost section (not for the SSL stuff) is as such (works with http:):

    NameVirtualHost 63.229.30.179

    <VirtualHost 63.229.30.179>
        ServerName 63.229.30.179
        ServerAlias www.sherwoodforestfarms.com
        DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/sff"
        DirectoryIndex welcome.html
    </VirtualHost>

    <VirtualHost 63.229.30.179>
        ServerName 63.229.30.179
        ServerAlias www.cascadewreaths.com
        DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che"
        DirectoryIndex welcome.html
    </VirtualHost>

...and the other http: domain.....

-----------------------------------------------------

And my SSL VH section starts like:

    <VirtualHost 63.229.30.179:443>
        DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che"
        ServerName www.cascadewreaths.com
        ServerAdmin [EMAIL PROTECTED]
        ErrorLog /usr/local/apache_1.3.12/logs/error_log
        TransferLog /usr/local/apache_1.3.12/logs/access_log
        #And I have:
        SSLCertificateFile /usr/<path_to_file>/www.cascadewreaths.com.crt
        SSLCertificateKeyFile /usr/<path_to_file>/www.cascadewreaths.com.key

---------------------------------------------

So, when I start apache with "apachectl startssl", my ssl_engine_log looks good, saying:

    #other good lines, then....
    Initializing (virtual) servers for SSL
    Configuring server www.cascadewreaths.com:443 for SSL protocol

I can see all my hosted sites with http:. But when I try https://www.cascadewreaths.com, I get in IE "Cannot find server or DNS error", and in Netscape I get "Netscape's network connection was refused by server www.cascadewreaths.com".

So, I think I have all three important things lined up (the CN in my key, the ServerName in the SSL VH section and the URL a user types are all www.cascadewreaths.com).

One thing that comes to mind is that I have www.cascadewreaths.com in both the http: VH section, as well as the https:443 VH section. But I think this is proper, as not the whole domain requires SSL. Isn't this ok?

I know you gurus see something glaringly wrong! :-) I would be immensely indebted to anyone offering help. Who knows, the good karma could get you a xmas wreath (we sell wreaths). :-p

Thanks,
Rob Mazur

p.s. I am clearing the browser's cache and restarting between server restarts

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
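
Added example (not part of the original messages and not mod_ssl code): an offline check for two conditions raised in this thread, namely whether the port named in a <VirtualHost addr:port> block is actually opened by the server, and whether the SSL vhost's ServerName equals the certificate CN. The configuration text, address and host names below are constructed placeholders; the Listen/Port handling assumes Apache 1.3 behaviour (Port only opens a socket when no Listen is present) and ignores BindAddress.

```python
import re

# Constructed httpd.conf fragment (placeholder address and names, not the
# poster's real values): an SSL vhost on 443, but only "Port 80" is set.
SAMPLE_CONF = """
Port 80
NameVirtualHost 192.0.2.10
<VirtualHost 192.0.2.10>
    ServerName www.example.org
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLCertificateFile /path/to/www.example.com.crt
</VirtualHost>
"""

def listening_ports(conf):
    """Ports the server opens: every Listen, or Port (default 80) if none."""
    listen, port = set(), 80
    for line in conf.splitlines():
        m = re.match(r"\s*(Listen|Port)\s+(\S+)\s*$", line, re.I)
        if not m:
            continue  # commented-out or unrelated directive
        number = int(m.group(2).rsplit(":", 1)[-1])  # "443" or "addr:443"
        if m.group(1).lower() == "listen":
            listen.add(number)
        else:
            port = number
    return listen or {port}

def vhosts(conf):
    """Yield (port or None, ServerName or None) for each <VirtualHost> block."""
    pattern = r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>"
    for addr, body in re.findall(pattern, conf, re.I | re.S):
        port = int(addr.rsplit(":", 1)[1]) if ":" in addr else None
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.I | re.M)
        yield port, name.group(1) if name else None

def audit(conf, cert_cn):
    """Findings: vhost ports nothing listens on, and ServerName/CN mismatches."""
    findings, open_ports = [], listening_ports(conf)
    for port, name in vhosts(conf):
        if port is None:
            continue  # vhost without an explicit port: nothing to compare
        if port not in open_ports:
            findings.append(f"{name}:{port} is not covered by any Listen/Port directive")
        if port == 443 and (name or "").lower() != cert_cn.lower():
            findings.append(f"{name} does not match certificate CN {cert_cn}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "www.example.com"))
```

A vhost flagged by the first check would refuse connections on that port even when the SSL engine log reports the vhost as configured.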
