Tired of lurking..... Here my 2 cents..... You con use also virtual hosts on the same IP distinguishing them by the port:
Listen 443 Listen 444 ........ ........ <VirtualHost _default_:443> ...... </VirtualHost> <VirtualHost _default_:444> ...... </VirtualHost> This has the advantage of needing only one certificate. In alternative you can have (IP virtual hosts) one certificate per host and specify them in the VirtualHost sections: <VirtualHost x.x.x.1:443> ........ SSLCertificateFile /path/to/1st/ssl.crt/certificate.crt SSLCertificateKeyFile /path/to/1st/ssl.key/certificate.key ........ </VirtualHost> <VirtualHost x.x.x.2:443> ........ SSLCertificateFile /path/to/2nd/ssl.crt/certificate.crt SSLCertificateKeyFile /path/to/2nd/ssl.key/certificate.key ........ </VirtualHost> Hope this will be useful Best regards Alberto Guglielmo mailto:[EMAIL PROTECTED] -----Messaggio originale----- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Per conto di Nick Temple Inviato: lunedi 29 ottobre 2001 2.01 A: [EMAIL PROTECTED] Oggetto: Re: problems with SSL and virtual hosts Actually, you can't use name-based virtual hosts with https (the server starts negotiating before the browser sends the name), so the best (only?) solution is to use a seperate IP for each domain (give server.com one IP and server.net a seperate one). Other than that, there is no way to to negotiate the correct cert for both servers. i.e., it is possible to get http:// setup correctly, but not https:// AND have the correct cert supplied. I hope this makes sense :-> Nick *********** REPLY SEPARATOR *********** On 10/28/2001 at 5:11 PM Rajidhar Etta wrote: >Hi Dalton, >For your requirement you must use Namebased virtual hosts, now you are >using IP/Port based virtual host. >when you say 'https', the virtual host listening on port 443, will >serve the request and vice versa. >Regards, >Rajidhar Etta > >----- Original Message ----- >From: Doug Dalton <[EMAIL PROTECTED]> >Date: Friday, October 26, 2001 11:25 pm >Subject: problems with SSL and virtual hosts > >> I am having trouble with two domains, one is server.com one is >> server.netI want server.net to ONLY allow ssl to the server.net/ dir >> and server.com to only be standard port 80 in the server.com/dir >> >> but with the config below : >> when I go to https://www.server.com - I get server.net/ directory >> when I go to http://www.server.com- works correctly >> when I go to http://www.server.net- I get the server.com/directory >> when I go to https://www.server.net - works correctly >> >> What am I doing incorrectly? >> >> Doug >> >> >> >> NameVirtualHost 10.0.0.10 >> >> # >> # VirtualHost example: >> # Almost any Apache directive may go into a VirtualHost container. >> # The first VirtualHost section is used for requests without a known >> # server name. >> # >> <VirtualHost 10.0.0.10:443> >> <Location /> >> SSLRequireSSL >> </Location> >> ServerAdmin [EMAIL PROTECTED] >> DocumentRoot /home/www/server.net >> ServerName www.server.net >> ScriptAlias /cgi-bin /home/www/server.net/cgi-bin >> SSLEngine on >> SSLCertificateFile /usr/loca SSLCertificateKeyFile >> /usr/loca ErrorLog logs/server.net-error_log >> CustomLog logs/server.net-access_log common >> </VirtualHost> >> >> <VirtualHost 10.0.0.10:80> >> ServerAdmin [EMAIL PROTECTED] >> DocumentRoot /home/www/server.com >> ServerName www.server.com >> ScriptAlias /cgi-bin /home/www/server.com/cgi-bin >> ErrorLog logs/server.com-error_log >> CustomLog logs/server.com-access_log common >> </VirtualHost> >> >> >> ______________________________________________________________________ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List [EMAIL PROTECTED] >> Automated List Manager [EMAIL PROTECTED] >> > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
