See comments..

>-----Original Message-----
>From: Alex Tang [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, 10 December 2002 08:07
>To: [EMAIL PROTECTED]
>Cc: Alex Tang
>Subject: Problem with IP/Port Based (NOT Name Based) virtual hosts.
>
>
>Hi folks.
>
>I've read a bunch about how you can only do virtual hosting
>using IPs or Ports, not using NBVH. No problem.

You must be the first guy to figure this out from the docs! Well done :-)

>However, I'm trying to set up my server (apache 2.0.43, OpenSSL
>0.9.7-beta5, RH Linux 7.3) to do IP or Port based virtual hosts.
>
>It seems that the server will only ever use the first cert declared.
>
>I have the following in my httpd.conf (well, technically a file included
>by httpd.conf)
>
>SSLSessionCache dbm:/var/cache/mod_ssl/scache
>SSLSessionCacheTimeout 300
>SSLMutex file:logs/ssl_mutex
>SSLRandomSeed startup builtin
>SSLRandomSeed connect builtin
>
><VirtualHost 192.168.7.31:443>
>    ServerName A.funkware.com
>    ServerAdmin [EMAIL PROTECTED]
>    ErrorLog logs/A/error_log
>    CustomLog logs/A/access_log combined
>
>    SSLEngine on
>    SSLCertificateFile /usr/local/etc/A.Cert
>    SSLCertificateKeyFile /usr/local/etc/A.key
>
>    DocumentRoot /webdocs/A
>
>    # other sundry virtual host directory stuff here.
></VirtualHost>

Looks OK...

>
><VirtualHost 192.168.7.33:443>
>    AddType application/x-x509-ca-cert .crt
>    AddType application/x-pkcs7-crl .crl
>
>
>    ServerName B.funkware.com
>    ServerAdmin [EMAIL PROTECTED]
>    ErrorLog logs/B/error_log2
>    CustomLog logs/B/access_log2 combined
>
>    SSLEngine on
>    SSLCertificateFile /etc/httpd/conf/httpd-cert-3443.cert
>    SSLCertificateKeyFile /etc/httpd/conf/httpd-cert-3443.key
>
>    DocumentRoot "/local/private/OpenCA/httpd/htdocs/pub"
>
>    # other sundry virtual host directory stuff here.
>
></VirtualHost>

Looks OK too...

>
>Like I said, when I start up the server, the first cert (A.Cert) is used
>for both virtual hosts. Does this setup look correct? Is there something
>I missed?
>
>Here are a couple more tidbits of info that I've learned...I don't know if
>any of it is useful though...
>
>   * All the certs and keys are valid. I've verified it using OpenSSL.
>   * When I get the root page for both virtual hosts, I get the proper
>     page for each server.

What exactly do you mean here...
Do you mean that:

https://A.funkware.com/ -> /webdocs/A
https://B.funkware.com/ -> /local/private/OpenCA/httpd/htdocs/pub

or do you mean via HTTP?

>   * If I change the second "SSLCertificateFile" to a bogus file or
>     something that doesn't exist, the server will not start up (as
>     expected). However, the second cert is still not used.

As you say, this is normal - missing files or directories cause apache to abort during startup, long before any network setup is done.

>   * If I change the order (putting the VirtualHost declaration for .33
>     before .31), the behavior is consistent: the httpd-cert-3443.cert is
>     used for both servers.

I suspect a DNS or routing problem... I notice you have real ".com" domain names which implies these sites are available on the internet. However, the IP addresses are on the 192.168.0.0 private network. This implies that you have a firewall and/or router with network address translation between the webserver and the web.

Are you sure that, after NAT, A.funkware.com resolves to 192.168.7.31 and that B.funkware.com resolves to 192.168.7.33? I suspect that both FQDNs are resolving to the same internal IP address...

Rgds,

Owen Boyle

>
>Thanks a bunch.
>
>...alex...
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
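
The check suggested in the reply, as an added example that is not part of the original thread: it parses the two `<VirtualHost>` blocks, maps each ServerName to the address it arrives on, and reports any name that lands on a vhost carrying a different certificate. The function names, the trimmed config string and the resolver answers are constructed for illustration; the resolver table models the suspected fault, not a confirmed one.

```python
import re

# Constructed sample: the two vhosts from the post, trimmed to the relevant directives.
HTTPD_CONF = """
<VirtualHost 192.168.7.31:443>
    ServerName A.funkware.com
    SSLEngine on
    SSLCertificateFile /usr/local/etc/A.Cert
</VirtualHost>
<VirtualHost 192.168.7.33:443>
    ServerName B.funkware.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/httpd-cert-3443.cert
</VirtualHost>
"""

# Constructed resolver answers (assumption): both names reach the same internal address.
SUSPECTED_DNS = {"A.funkware.com": "192.168.7.31", "B.funkware.com": "192.168.7.31"}
# Constructed resolver answers for the intended layout.
INTENDED_DNS = {"A.funkware.com": "192.168.7.31", "B.funkware.com": "192.168.7.33"}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(ServerName|SSLCertificateFile)\s+(\S+)", re.M)

def parse_vhosts(conf):
    """Return {"ip:port": {"name": ServerName, "cert": SSLCertificateFile}}."""
    vhosts = {}
    for addr, body in VHOST_RE.findall(conf):
        d = dict(DIRECTIVE_RE.findall(body))
        vhosts[addr] = {"name": d.get("ServerName"), "cert": d.get("SSLCertificateFile")}
    return vhosts

def audit(conf, resolve, port=443):
    """List names whose resolved address selects a vhost with another certificate."""
    vhosts = parse_vhosts(conf)
    findings = []
    for vh in vhosts.values():
        landed = f"{resolve(vh['name'])}:{port}"
        served = vhosts.get(landed)  # IP-based selection: the address picks the vhost
        if served is None:
            findings.append((vh["name"], landed, None, "no vhost on resolved address"))
        elif served["cert"] != vh["cert"]:
            findings.append((vh["name"], landed, served["cert"], "wrong certificate"))
    return findings

if __name__ == "__main__":
    for finding in audit(HTTPD_CONF, SUSPECTED_DNS.get):
        print(finding)
```

Against a live setup, `resolve` can be `socket.gethostbyname` run from a host that sees the post-NAT addresses.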
