Hi folks.

I've read a bunch about how you can only do virtual hosting using IPs or
Ports, not using NBVH.  No problem.

However, I'm trying to set up my server (Apache 2.0.43, OpenSSL
0.9.7-beta5, RH Linux 7.3) to do IP or Port based virtual hosts.

It seems that the server will only ever use the first cert declared.  

I have the following in my httpd.conf (well, technically a file included
by httpd.conf):

SSLSessionCache         dbm:/var/cache/mod_ssl/scache
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost 192.168.7.31:443>
    ServerName                  A.funkware.com
    ServerAdmin                 [EMAIL PROTECTED]
    ErrorLog                    logs/A/error_log
    CustomLog                   logs/A/access_log combined

    SSLEngine on
    SSLCertificateFile          /usr/local/etc/A.Cert
    SSLCertificateKeyFile       /usr/local/etc/A.key

    DocumentRoot                /webdocs/A

    # other sundry virtual host directory stuff here.
</VirtualHost>

<VirtualHost 192.168.7.33:443>
    AddType                     application/x-x509-ca-cert .crt
    AddType                     application/x-pkcs7-crl    .crl


    ServerName                  B.funkware.com
    ServerAdmin                 [EMAIL PROTECTED]
    ErrorLog                    logs/B/error_log2
    CustomLog                   logs/B/access_log2 combined

    SSLEngine on
    SSLCertificateFile          /etc/httpd/conf/httpd-cert-3443.cert
    SSLCertificateKeyFile       /etc/httpd/conf/httpd-cert-3443.key

    DocumentRoot                "/local/private/OpenCA/httpd/htdocs/pub"

    # other sundry virtual host directory stuff here.

</VirtualHost>

Like I said, when I start up the server, the first cert (A.Cert) is used
for both virtual hosts.  Does this setup look correct?  Is there something
I missed?

Here are a couple more tidbits of info that I've learned...I don't know if
any of it is useful though...

  * All the certs and keys are valid.  I've verified it using OpenSSL.
  * When I get the root page for both virtual hosts, I get the proper
    page for each server.
  * If I change the second "SSLCertificateFile" to a bogus file or
    something that doesn't exist, the server will not start up (as
    expected).  However, the second cert is still not used.
  * If I change the order (putting the VirtualHost declaration for .33
    before .31), the behavior is consistent: the httpd-cert-3443.cert is
    used for both servers.

Thanks a bunch.

...alex...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
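
Added example, not part of the original post and not mod_ssl code: one way to check the symptom described above is to read the address-to-certificate mapping out of the configuration and compare the SHA-256 fingerprint of the certificate each IP:port actually serves with the configured file. The function names are hypothetical, and the sample configuration is a trimmed copy of the two blocks in the post.

```python
import hashlib
import re
import ssl

# Constructed sample: the two <VirtualHost> blocks from the post, trimmed.
SAMPLE_CONF = """\
<VirtualHost 192.168.7.31:443>
    ServerName                  A.funkware.com
    SSLEngine on
    SSLCertificateFile          /usr/local/etc/A.Cert
    SSLCertificateKeyFile       /usr/local/etc/A.key
</VirtualHost>
<VirtualHost 192.168.7.33:443>
    ServerName                  B.funkware.com
    SSLEngine on
    SSLCertificateFile          /etc/httpd/conf/httpd-cert-3443.cert
</VirtualHost>
"""
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def vhost_certs(conf_text):
    """Map each <VirtualHost> address to its SSLCertificateFile path."""
    result, addrs = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        cert = re.match(r'SSLCertificateFile\s+"?([^"\s]+)"?', line, re.I)
        if opened:
            addrs = opened.group(1).split()  # a block may list several
        elif re.match(r"</VirtualHost>", line, re.I):
            addrs = None
        elif cert and addrs:
            result.update({addr: cert.group(1) for addr in addrs})
    return result

def pem_fingerprint(pem_text):
    """SHA-256 over the DER bytes of the first PEM certificate in the text."""
    block = PEM_RE.search(pem_text).group(0)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()

def served_matches_configured(addr, cert_path):
    """True if the cert presented at 'ip:port' is the configured file."""
    host, port = addr.rsplit(":", 1)
    # Fetches the server certificate without validating it.
    served = ssl.get_server_certificate((host, int(port)))
    with open(cert_path) as fh:
        return pem_fingerprint(served) == pem_fingerprint(fh.read())
```

Run served_matches_configured() for every pair returned by vhost_certs() on the real file; a False result for one address reproduces the mismatch reported in the post.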
