A team member was able to find a working solution (issue: single IP, two domains, one domain requires client auth, the other domain plain SSL, both functional with the same Apache instance using virtual hosts):

NameVirtualHost <ip-address>:443

<Virtualhost <ip-address>:443>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /var/www
    ServerName <domain 1>
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log common
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    <Location "/">
        SSLVerifyClient require
        SSLVerifyDepth 5
        SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt
        SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
    </Location>
</VirtualHost>

<Virtualhost <ip-address>:443>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /var/www
    ServerName <domain 2>
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access_log common
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eckard Wille
Sent: Tuesday, June 14, 2005 3:06 AM
To: modssl-users@modssl.org
Subject: Re: SSL Client Auth with Virtual Hosts

Hoda Nadeem wrote:
> Eckard and All,
>
> Does anybody know if there is any work around to get the following
> scenario to work?
>
> 1 IP Address
> 2 domain names attached to the same server IP address
> 2 SSL virtual hosts: 1 with client authentication, 1 without client
> authentication
>
> I need to try to avoid using a second IP address for the same server.
> Some folks are insisting that there must be a way to get the scenario
> to work.

Hi,

maybe you should reach your goal with some mod_rewrite tricks. The points mentioned at http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts are still valid, only one vhost per ip. You could give mod_rewrite a try to push clients to different directories which are configured for secure and public ssl access.

Try something like this:

    ServerName www.vhost1.com
    ServerAlias www.vhost2.com
    SSLEngine on
    SSLVerifyClient none
    SSLCACertificateFile conf/ssl.crt/ca.crt
    <Location /ssl/securedir>
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Location>
    RewriteEngine on
    #RewriteLogLevel 7
    #RewriteLog logs/RewriteLog
    #RewriteCond %{SERVER_NAME}
    RewriteCond %{HTTP_HOST} www.vhost1.com
    RewriteRule ^(/index.htm)|(/)|()$ /ssl/securedir [R,L]
    RewriteCond %{HTTP_HOST} www.vhost2.com
    RewriteRule ^(/index.htm)|(/)|()$ /ssl/public [R,L]

This would just be a starting switch, modify the regexp to push all desired content into the matching secure location (see http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6). I personally did not try this, but if this does not work maybe mod_setenvif can be used to distinguish the different names.

Greetings from Germany,
Eckard

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                                [EMAIL PROTECTED]
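
An added example, not part of the thread or of either poster's configuration: a small Python audit that reads an Apache configuration and reports, per ServerName, which paths set SSLVerifyClient require, and whether virtual hosts sharing one address name different certificate files. The sample configuration, its address and its host names are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample (placeholder address and names, not values from the post).
SAMPLE_CONF = """
<Virtualhost 192.0.2.10:443>
  ServerName secure.example.test
  SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
  <Location "/">
    SSLVerifyClient require
  </Location>
</VirtualHost>
<Virtualhost 192.0.2.10:443>
  ServerName public.example.test
  SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
</VirtualHost>
"""
SECTION = re.compile(r"<(/?)(\w+)\s*([^>]*)>")
KEYS = {"servername": "name", "sslcertificatefile": "cert"}

def parse_vhosts(conf):
    """One dict per <VirtualHost>: addr, name, cert, verify {scope: level}."""
    vhosts, cur, scope = [], None, "*"      # "*" = set at vhost level
    for line in (raw.strip() for raw in conf.splitlines()):
        if sec := SECTION.fullmatch(line):
            closing, tag, arg = sec.group(1), sec.group(2).lower(), sec.group(3)
            if tag == "virtualhost":        # section names are case-insensitive
                cur = None if closing else dict(addr=arg, name=None, cert=None, verify={})
                vhosts += [cur] if cur else []
            elif tag == "location":
                scope = "*" if closing else arg.strip('"')
        elif cur is not None and line and not line.startswith("#"):
            key, _, val = line.partition(" ")
            if key.lower() == "sslverifyclient":
                cur["verify"][scope] = val.strip().lower()
            elif key.lower() in KEYS:
                cur[KEYS[key.lower()]] = val.strip()
    return vhosts

def audit(conf):
    """Client-cert paths per ServerName; shared addresses with differing certs."""
    by_addr, report = defaultdict(list), {"client_auth": {}}
    for vh in parse_vhosts(conf):
        by_addr[vh["addr"]].append(vh)
        report["client_auth"][vh["name"]] = sorted(
            p for p, lvl in vh["verify"].items() if lvl == "require")
    # Without SNI the handshake precedes the Host header: one cert per address.
    report["cert_mismatch"] = [a for a, g in by_addr.items()
                               if len({vh["cert"] for vh in g}) > 1]
    return report
```

Calling audit() on the text of a real httpd.conf gives the same two findings; an entry under cert_mismatch means clients without SNI will see a certificate that does not match one of the host names.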