Robert, I just tried your https and I can't connect to it, conversely, I can to just http. You have something wrong. Do you have NameVirtualHost x.x.x.x enabled?
-Lanny Robert Mazur writes: > > ----- Original Message ----- > From: "Eric Paynter" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, October 02, 2001 8:58 PM > Subject: Re: ServerName Problem (I think) > > >> On October 2, 2001 08:32 pm, Robert Mazur wrote: >> > I might have confused the issue. My goal is to have one ip address >> > listening for two http: sites and one https: site. I think I read that > you >> > can host multiple sites using VH, but only one can be https: Did I >> > possibly misunderstand that? >> >> You did not misunderstand. >> >> >> > Basically....I have always hosted 3 sites with one ip address using VH. >> > Now one of them needs SSL for credit cards. I am pretty sure I can > change >> > one to use SSL, and still have all three on the same ip address, no? It > is >> > likely I have misled myself....please let me know if so! >> >> Yes, this will work because SSL listens on a different port. You can have > as >> many virtual hosts as you want with your server listening on port 80 and > only >> hostname listening on 443. >> >> >> > > > (servername.somedomain.com:443) RSA server certificate CommonName > (CN) >> > > > `www.mydomain.com' does NOT match server name!? >> > > > This is true, but the server name does not have to be the domain > name >> > > > of the site, does it? >> >> The CN must match the URL that the person types into the web browser. e.g. >> for my site, https://www.arcticbears.com/manage.cgi, the part >> "www.arcticbears.com" must exactly match the CN. >> >> >> >> > > > DETAIL: >> > > > After a LONG battle getting "apachectl startssl" to launch > (including >> > > > it asking me for the password) without errors, >> >> There is info in the mod_ssl docs for how to automate this so that the pw > is >> automatically entered. >> >> >> > > > I can not get a secured page to come up. Instead I get a Page Not >> > > > Found, and "DNS server not found" error >> > > > in the browser. No errors on the server. >> >> Are you using IE? This sounds like a typical M$ style un-informative > error. >> Is your server listening on port 443? Can you port-scan it? Or give us the >> public IP so we can try? >> >> >> > > > To make my httpd.conf, I took the resulting "httpd.conf.original" > and >> > > > modified it for my virtual hosting and such. Bascially, I copied the >> >> Do you have a conf/vhosts/Vhosts.conf file? Or a >> conf/ssl/ssl.default-vhost.conf file? That's what we use... btw, what is > your >> version of apache and mod_ssl? >> >> >> > > > p.s. I should be able to just call a secured page like this, right?: >> > > > https://www.mydomain.com/welcome.html >> >> Yes, that should work. >> >> -Eric > ____________________ > Wow, first off, thanks for everyone's response. Your help for this "rookie" > is well appreciated! > > OK, I think I almost have it. I am going to lay to gory details on the > table here..... > > Server: Apache 1.3.12 on a RH6.2 box (the box does it's own dns for the > hosted domains too). > mod_ssl version: 2.6.6-1.3.12 > openssl version: 0.9.6b > ip address of server: 63.229.30.179 > CN in my certificate is: www.cascadewreaths.com > > I am hosting essentially three domains (one SSL, and the other 2 straight > port 80) > www.cascadewreaths.com (needs SSL) > www.sherwoodforestfarms.com (just http: stuff) > www.greenmountainwreaths (just http: stuff) > > My ServerName in the httpd.conf...like way towards the top of the file (not > the VH section) is 63.229.30.179 > > My NameVirtualHost section (not for the SSL stuff) is as such (works with > http:): > > NameVirtualHost 63.229.30.179 > <VirtualHost 63.229.30.179> > ServerName 63.229.30.179 > ServerAlias www.sherwoodforestfarms.com > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/sff" > DirectoryIndex welcome.html > </VirtualHost> > > <VirtualHost 63.229.30.179> > ServerName 63.229.30.179 > ServerAlias www.cascadewreaths.com > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > DirectoryIndex welcome.html > </VirtualHost> > ...and the other http: domain..... > ----------------------------------------------------- > > And my SSL VH section starts like: > > <VirtualHost 63.229.30.179:443> > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > ServerName www.cascadewreaths.com > ServerAdmin [EMAIL PROTECTED] > ErrorLog /usr/local/apache_1.3.12/logs/error_log > TransferLog /usr/local/apache_1.3.12/logs/access_log > > #And I have: > SSLCertificateFile /usr/<path_to_file>/www.cascadewreaths.com.crt > SSLCertificateKeyFile /usr/<path_to_file>/www.cascadewreaths.com.key > --------------------------------------------- > > So, when I start apache with "apachectl startssl", my ssl_engine_log looks > good, saying: > #other good lines, then.... > Initializing (virtual) servers for SSL > Configuring server www.cascadewreaths.com:443 for SSL protocol > > I can see all my hosted sites with http:. But when I try > https://www.cascadewreaths.com, I get in > IE "Cannot find server or DNS error", and in Netscape I get "Netscape's > network conneciton was refused by server www.cascadewreaths.com". > > So, I think I have all three important things lined up (the CN in my key, > the ServerName in the SSL VH section and the URL a user types are all > www.cascadewreaths.com). One thing that comes to mind is that I have > www.cascadewreaths.com in both the http: VH section, as well as the > https:443 VH section. But I think this is proper, as not the whole domain > requires SSL. Isn't this ok? > > I know you gurus see something glaringly wrong! :-) I would be immensely > indebted to anyone offering help. Who knows, the good karma could get you a > xmas wreath (we sell wreaths). :-p > > Thanks, > Rob Mazur > > p.s. I am clearing the browsers cache and restarting between server > restarts > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ------------------------------- Lanny Baron http://www.FreeBSDsystems.com http://www.freedomtc.com Toll Free 1.877.963.1900 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
