do you have a listen 63.229.30.179:443
statement in you conf file? Robert Mazur wrote: >----- Original Message ----- >From: "Eric Paynter" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Tuesday, October 02, 2001 8:58 PM >Subject: Re: ServerName Problem (I think) > > >>On October 2, 2001 08:32 pm, Robert Mazur wrote: >> >>>I might have confused the issue. My goal is to have one ip address >>>listening for two http: sites and one https: site. I think I read that >>> >you > >>>can host multiple sites using VH, but only one can be https: Did I >>>possibly misunderstand that? >>> >>You did not misunderstand. >> >> >>>Basically....I have always hosted 3 sites with one ip address using VH. >>>Now one of them needs SSL for credit cards. I am pretty sure I can >>> >change > >>>one to use SSL, and still have all three on the same ip address, no? It >>> >is > >>>likely I have misled myself....please let me know if so! >>> >>Yes, this will work because SSL listens on a different port. You can have >> >as > >>many virtual hosts as you want with your server listening on port 80 and >> >only > >>hostname listening on 443. >> >> >>>>>(servername.somedomain.com:443) RSA server certificate CommonName >>>>> >(CN) > >>>>>`www.mydomain.com' does NOT match server name!? >>>>>This is true, but the server name does not have to be the domain >>>>> >name > >>>>>of the site, does it? >>>>> >>The CN must match the URL that the person types into the web browser. e.g. >>for my site, https://www.arcticbears.com/manage.cgi, the part >>"www.arcticbears.com" must exactly match the CN. >> >> >> >>>>>DETAIL: >>>>>After a LONG battle getting "apachectl startssl" to launch >>>>> >(including > >>>>>it asking me for the password) without errors, >>>>> >>There is info in the mod_ssl docs for how to automate this so that the pw >> >is > >>automatically entered. >> >> >>>>>I can not get a secured page to come up. Instead I get a Page Not >>>>>Found, and "DNS server not found" error >>>>>in the browser. No errors on the server. >>>>> >>Are you using IE? This sounds like a typical M$ style un-informative >> >error. > >>Is your server listening on port 443? Can you port-scan it? Or give us the >>public IP so we can try? >> >> >>>>>To make my httpd.conf, I took the resulting "httpd.conf.original" >>>>> >and > >>>>>modified it for my virtual hosting and such. Bascially, I copied the >>>>> >>Do you have a conf/vhosts/Vhosts.conf file? Or a >>conf/ssl/ssl.default-vhost.conf file? That's what we use... btw, what is >> >your > >>version of apache and mod_ssl? >> >> >>>>>p.s. I should be able to just call a secured page like this, right?: >>>>>https://www.mydomain.com/welcome.html >>>>> >>Yes, that should work. >> >>-Eric >> >____________________ >Wow, first off, thanks for everyone's response. Your help for this "rookie" >is well appreciated! > >OK, I think I almost have it. I am going to lay to gory details on the >table here..... > >Server: Apache 1.3.12 on a RH6.2 box (the box does it's own dns for the >hosted domains too). >mod_ssl version: 2.6.6-1.3.12 >openssl version: 0.9.6b >ip address of server: 63.229.30.179 >CN in my certificate is: www.cascadewreaths.com > >I am hosting essentially three domains (one SSL, and the other 2 straight >port 80) >www.cascadewreaths.com (needs SSL) >www.sherwoodforestfarms.com (just http: stuff) >www.greenmountainwreaths (just http: stuff) > >My ServerName in the httpd.conf...like way towards the top of the file (not >the VH section) is 63.229.30.179 > >My NameVirtualHost section (not for the SSL stuff) is as such (works with >http:): > >NameVirtualHost 63.229.30.179 > <VirtualHost 63.229.30.179> > ServerName 63.229.30.179 > ServerAlias www.sherwoodforestfarms.com > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/sff" > DirectoryIndex welcome.html ></VirtualHost> > ><VirtualHost 63.229.30.179> > ServerName 63.229.30.179 > ServerAlias www.cascadewreaths.com > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > DirectoryIndex welcome.html ></VirtualHost> >...and the other http: domain..... >----------------------------------------------------- > >And my SSL VH section starts like: > ><VirtualHost 63.229.30.179:443> > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > ServerName www.cascadewreaths.com > ServerAdmin [EMAIL PROTECTED] > ErrorLog /usr/local/apache_1.3.12/logs/error_log > TransferLog /usr/local/apache_1.3.12/logs/access_log > >#And I have: >SSLCertificateFile /usr/<path_to_file>/www.cascadewreaths.com.crt >SSLCertificateKeyFile /usr/<path_to_file>/www.cascadewreaths.com.key >--------------------------------------------- > >So, when I start apache with "apachectl startssl", my ssl_engine_log looks >good, saying: >#other good lines, then.... >Initializing (virtual) servers for SSL >Configuring server www.cascadewreaths.com:443 for SSL protocol > >I can see all my hosted sites with http:. But when I try >https://www.cascadewreaths.com, I get in >IE "Cannot find server or DNS error", and in Netscape I get "Netscape's >network conneciton was refused by server www.cascadewreaths.com". > >So, I think I have all three important things lined up (the CN in my key, >the ServerName in the SSL VH section and the URL a user types are all >www.cascadewreaths.com). One thing that comes to mind is that I have >www.cascadewreaths.com in both the http: VH section, as well as the >https:443 VH section. But I think this is proper, as not the whole domain >requires SSL. Isn't this ok? > >I know you gurus see something glaringly wrong! :-) I would be immensely >indebted to anyone offering help. Who knows, the good karma could get you a >xmas wreath (we sell wreaths). :-p > >Thanks, >Rob Mazur > >p.s. I am clearing the browsers cache and restarting between server >restarts > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
