Hi Lanny, thanks for responding. Yes, I agree. Not being able to connect via https: is the problem I am trying to resolve.
I have my configuration of my NameVirtualHost at the bottom of this email. I may be misunderstanding you, but I "believe" I have my NameVirtualHost is enabled. By that, I mean I have an entry for it, and my virtual hosts come up via http:. It is the https://www.cascadewreaths.com that I get refused on. Is there a place where I have to specifically put the word "enabled" for NameVirtualHost? Thanks Lanny, Rob ----- Original Message ----- From: "Lanny Baron" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 03, 2001 7:41 AM Subject: Re: ServerName Problem (I think) > Robert, I just tried your https and I can't connect to it, conversely, I can > to just http. You have something wrong. Do you have NameVirtualHost x.x.x.x > enabled? > > -Lanny > Robert Mazur writes: > > > > > ----- Original Message ----- > > From: "Eric Paynter" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, October 02, 2001 8:58 PM > > Subject: Re: ServerName Problem (I think) > > > > > >> On October 2, 2001 08:32 pm, Robert Mazur wrote: > >> > I might have confused the issue. My goal is to have one ip address > >> > listening for two http: sites and one https: site. I think I read that > > you > >> > can host multiple sites using VH, but only one can be https: Did I > >> > possibly misunderstand that? > >> > >> You did not misunderstand. > >> > >> > >> > Basically....I have always hosted 3 sites with one ip address using VH. > >> > Now one of them needs SSL for credit cards. I am pretty sure I can > > change > >> > one to use SSL, and still have all three on the same ip address, no? It > > is > >> > likely I have misled myself....please let me know if so! > >> > >> Yes, this will work because SSL listens on a different port. You can have > > as > >> many virtual hosts as you want with your server listening on port 80 and > > only > >> hostname listening on 443. > >> > >> > >> > > > (servername.somedomain.com:443) RSA server certificate CommonName > > (CN) > >> > > > `www.mydomain.com' does NOT match server name!? > >> > > > This is true, but the server name does not have to be the domain > > name > >> > > > of the site, does it? > >> > >> The CN must match the URL that the person types into the web browser. e.g. > >> for my site, https://www.arcticbears.com/manage.cgi, the part > >> "www.arcticbears.com" must exactly match the CN. > >> > >> > >> > >> > > > DETAIL: > >> > > > After a LONG battle getting "apachectl startssl" to launch > > (including > >> > > > it asking me for the password) without errors, > >> > >> There is info in the mod_ssl docs for how to automate this so that the pw > > is > >> automatically entered. > >> > >> > >> > > > I can not get a secured page to come up. Instead I get a Page Not > >> > > > Found, and "DNS server not found" error > >> > > > in the browser. No errors on the server. > >> > >> Are you using IE? This sounds like a typical M$ style un-informative > > error. > >> Is your server listening on port 443? Can you port-scan it? Or give us the > >> public IP so we can try? > >> > >> > >> > > > To make my httpd.conf, I took the resulting "httpd.conf.original" > > and > >> > > > modified it for my virtual hosting and such. Bascially, I copied the > >> > >> Do you have a conf/vhosts/Vhosts.conf file? Or a > >> conf/ssl/ssl.default-vhost.conf file? That's what we use... btw, what is > > your > >> version of apache and mod_ssl? > >> > >> > >> > > > p.s. I should be able to just call a secured page like this, right?: > >> > > > https://www.mydomain.com/welcome.html > >> > >> Yes, that should work. > >> > >> -Eric > > ____________________ > > Wow, first off, thanks for everyone's response. Your help for this "rookie" > > is well appreciated! > > > > OK, I think I almost have it. I am going to lay to gory details on the > > table here..... > > > > Server: Apache 1.3.12 on a RH6.2 box (the box does it's own dns for the > > hosted domains too). > > mod_ssl version: 2.6.6-1.3.12 > > openssl version: 0.9.6b > > ip address of server: 63.229.30.179 > > CN in my certificate is: www.cascadewreaths.com > > > > I am hosting essentially three domains (one SSL, and the other 2 straight > > port 80) > > www.cascadewreaths.com (needs SSL) > > www.sherwoodforestfarms.com (just http: stuff) > > www.greenmountainwreaths (just http: stuff) > > > > My ServerName in the httpd.conf...like way towards the top of the file (not > > the VH section) is 63.229.30.179 > > > > My NameVirtualHost section (not for the SSL stuff) is as such (works with > > http:): > > > > NameVirtualHost 63.229.30.179 > > <VirtualHost 63.229.30.179> > > ServerName 63.229.30.179 > > ServerAlias www.sherwoodforestfarms.com > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/sff" > > DirectoryIndex welcome.html > > </VirtualHost> > > > > <VirtualHost 63.229.30.179> > > ServerName 63.229.30.179 > > ServerAlias www.cascadewreaths.com > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > > DirectoryIndex welcome.html > > </VirtualHost> > > ...and the other http: domain..... > > ----------------------------------------------------- > > > > And my SSL VH section starts like: > > > > <VirtualHost 63.229.30.179:443> > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > > ServerName www.cascadewreaths.com > > ServerAdmin [EMAIL PROTECTED] > > ErrorLog /usr/local/apache_1.3.12/logs/error_log > > TransferLog /usr/local/apache_1.3.12/logs/access_log > > > > #And I have: > > SSLCertificateFile /usr/<path_to_file>/www.cascadewreaths.com.crt > > SSLCertificateKeyFile /usr/<path_to_file>/www.cascadewreaths.com.key > > --------------------------------------------- > > > > So, when I start apache with "apachectl startssl", my ssl_engine_log looks > > good, saying: > > #other good lines, then.... > > Initializing (virtual) servers for SSL > > Configuring server www.cascadewreaths.com:443 for SSL protocol > > > > I can see all my hosted sites with http:. But when I try > > https://www.cascadewreaths.com, I get in > > IE "Cannot find server or DNS error", and in Netscape I get "Netscape's > > network conneciton was refused by server www.cascadewreaths.com". > > > > So, I think I have all three important things lined up (the CN in my key, > > the ServerName in the SSL VH section and the URL a user types are all > > www.cascadewreaths.com). One thing that comes to mind is that I have > > www.cascadewreaths.com in both the http: VH section, as well as the > > https:443 VH section. But I think this is proper, as not the whole domain > > requires SSL. Isn't this ok? > > > > I know you gurus see something glaringly wrong! :-) I would be immensely > > indebted to anyone offering help. Who knows, the good karma could get you a > > xmas wreath (we sell wreaths). :-p > > > > Thanks, > > Rob Mazur > > > > p.s. I am clearing the browsers cache and restarting between server > > restarts > > > > ______________________________________________________________________ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
