Irving Carrion wrote:
> Everyone knows this question will not stop coming... is it possible to
> return an error message to the user when restarting apache?  Only a
> suggestion....  =)

Please DON'T do this.

Confession time. I actually have a use for NBVHs with SSL, and I'd prefer not to have it broken gratuitously.

I run a site whose members collaborate using a number of Web-based tools. All members are issued with client certificates signed by our private CA, and I have a single instance of Apache+mod-ssl with a single IP address acting as an SSL-only reverse-proxy for these tools.

Some parts of the site have varying authorisation policy rules, and some of the proxied tools assume that they own the root of the site and can't cope with explicit ports in URLs. For these reasons, it is convenient to split the site into multiple NBVHs.

These NBVHs are all derived off the same 3rd-level domain, and thus we can use the same wildcard certificate for each NBVH (users whose browsers don't recognise wildcard certificates need only placate the browser once in most cases).

This set-up has been working for over two years now, but I do occasionally have wakeful nights wondering if someone will break this counter-documented capability.

I realise I am on thin ice as it would be a "reasonable" optimisation to assign the final virtual host at an earlier stage than is currently the case with SSL.

Am I on my own here?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of James Barwick
Sent: Wednesday, January 08, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: 2 VirtualHosts with 2 Certificates

Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED QUESTIONS!!!

Can't do that. Learn a little more about SSL. It's IP based, not name based. So, you can only have
one certificate and one virtual host on 92.35.28.17:443. Sorry...but that's the way it goes.

Same question answer number four billion six hundred seventeen million two hundred thirty-four thousand nine hundred twenty-four!

;)

JDB

toxshark wrote:

I have Apache configured with 2 VirtualHosts on port 443.

Both VirtualServers have separate CertificateFiles and CertificateKeyFiles.

But now if I connect to VirtualHost2, the host has the certificate from VirtualServer1!

Both hosts now have the same certificate.

my httpd.config:

...
NameVirtualHost 92.35.28.17:443

<VirtualHost 92.35.28.17:443>
    ServerName domain1.com
    ServerAlias www.domain1.com
    DocumentRoot "/web1/"
    SSLEngine on
    SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert
    SSLCertificateKeyFile /usr/local/etc/apache/key/ssl1.key
</VirtualHost>

<VirtualHost 92.35.28.17:443>
    ServerName domain2.com
    ServerAlias www.domain2.com
    DocumentRoot "/web2/"
    SSLEngine on
    SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert
    SSLCertificateKeyFile /usr/local/etc/apache/key/ssl2.key
</VirtualHost>
...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
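
A configuration check for the situation in this thread, added here as an example and not written by any of the posters or by the mod_ssl project: it flags SSL virtual hosts that share one address:port but name different certificate files, and stays silent when they share one file, as in the wildcard set-up described in the first reply. The sample input is constructed from the posted configuration; the function names are hypothetical, and each `<VirtualHost>` argument is assumed to be a single address:port.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the configuration posted in the thread.
SAMPLE_CONF = """\
NameVirtualHost 92.35.28.17:443
<VirtualHost 92.35.28.17:443>
    ServerName domain1.com
    SSLEngine on
    SSLCertificateFile /usr/local/etc/apache/key/ssl1.cert
</VirtualHost>
<VirtualHost 92.35.28.17:443>
    ServerName domain2.com
    SSLEngine on
    SSLCertificateFile /usr/local/etc/apache/key/ssl2.cert
</VirtualHost>
"""
FIELDS = {"servername": "name", "sslengine": "ssl", "sslcertificatefile": "cert"}

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block (assumes one address per block)."""
    vhosts, cur = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"addr": opened.group(1).strip(), "name": "", "ssl": "", "cert": ""}
        elif line.lower().startswith("</virtualhost") and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, val = (line.split(None, 1) + [""])[:2]
            if key.lower() in FIELDS:
                cur[FIELDS[key.lower()]] = val.strip().strip('"')
    return vhosts

def cert_conflicts(conf):
    """Map address:port -> [(name, cert), ...] where SSL vhosts name different certs."""
    by_addr = defaultdict(list)
    for v in parse_vhosts(conf):
        if v["ssl"].lower() == "on":
            by_addr[v["addr"]].append((v["name"], v["cert"]))
    return {a: vs for a, vs in by_addr.items() if len({c for _, c in vs}) > 1}

if __name__ == "__main__":
    for addr, vs in cert_conflicts(SAMPLE_CONF).items():
        print(f"{addr}: first block is {vs[0][0]} with {vs[0][1]}")
        for name, cert in vs[1:]:
            print(f"  {name}: names a different certificate, {cert}")
```
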
