Hello Vlad, You are trying to use NameVirtualHost for ssl which will not work. Basically which cert does it use? The ssl connection needs to be setup before the site name (hence virtual host and cert) can be established by apache.
You'll need two IPs, or use different ports (yuck). Regards Matt --- Vlad Ciubotariu <[EMAIL PROTECTED]> wrote: > I'm doing something wrong in my config file. For > some reason, when > pointed to https://calendar.mydomain.ca the browser > tells me the > security certificate belongs to mail.mydomain.ca > even though the two > domains have been configured with different > certificates. > > Could anyone shed some light, please? Thanks in > advance. > > ## > ## SSL Support > ## > ## When we also provide SSL we have to listen to > the > ## standard HTTP port (see above) and to the HTTPS > port > ## > <IfDefine SSL> > Listen 80 > Listen 443 > </IfDefine> > > ............................................................................... > > NameVirtualHost *:80 > NameVirtualHost *:443 > > # > # VirtualHost example: > # Almost any Apache directive may go into a > VirtualHost container. > > <VirtualHost *> > ServerAdmin [EMAIL PROTECTED] > DocumentRoot /var/www/virthosts/mail > ServerName mail.mydomain.org > Redirect / https://mail.mydomain.org/ > </VirtualHost> > > <VirtualHost *> > ServerAdmin [EMAIL PROTECTED] > DocumentRoot /var/www/virthosts/calendar > ServerName calendar.mydomain.org > Redirect / https://calendar.mydomain.org/ > </VirtualHost> > > > ## > ## SSL Global Context > ## > ## All SSL configuration in this context applies > both to > ## the main server and all SSL-enabled virtual > hosts. > ## > > # > # Some MIME-types for downloading Certificates and > CRLs > # > <IfDefine SSL> > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl .crl > </IfDefine> > > <IfModule mod_ssl.c> > > # Pass Phrase Dialog: > # Configure the pass phrase gathering process. > # The filtering dialog program (`builtin' is a > internal > # terminal dialog) has to provide the pass phrase > on stdout. > SSLPassPhraseDialog builtin > > # Inter-Process Session Cache: > # Configure the SSL Session Cache: First either > `none' > # or `dbm:/path/to/file' for the mechanism to use > and > # second the expiring timeout (in seconds). > SSLSessionCache dbm:logs/ssl_scache > SSLSessionCacheTimeout 300 > > # Semaphore: > # Configure the path to the mutual exclusion > semaphore the > # SSL engine uses internally for inter-process > synchronization. > SSLMutex sem > > # Pseudo Random Number Generator (PRNG): > # Configure one or more sources to seed the PRNG > of the > # SSL library. The seed data should be of good > random quality. > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > #SSLRandomSeed startup file:/dev/random 512 > #SSLRandomSeed startup file:/dev/urandom 512 > #SSLRandomSeed connect file:/dev/random 512 > #SSLRandomSeed connect file:/dev/urandom 512 > SSLRandomSeed startup file:/dev/arandom 512 > > # Logging: > # The home of the dedicated SSL protocol logfile. > Errors are > # additionally duplicated in the general error log > file. Put > # this somewhere where it cannot be used for > symlink attacks on > # a real server (i.e. somewhere where only root > can write). > # Log levels are (ascending order: higher ones > include lower ones): > # none, error, warn, info, trace, debug. > SSLLog logs/ssl_engine_log > SSLLogLevel info > > </IfModule> > > <IfDefine SSL> > > ## > ## SSL Virtual Host Context > ## > > <VirtualHost *:443> > ServerAdmin [EMAIL PROTECTED] > DocumentRoot /var/www/virthosts/mail > ServerName mail.mydomain.org > SSLEngine on > SSLCertificateFile /etc/ssl/webmail.crt > SSLCertificateKeyFile > /etc/ssl/private/webmail.key > <Location /> > SSLRequireSsl > </Location> > </VirtualHost> > > <VirtualHost *:443> > ServerAdmin [EMAIL PROTECTED] > DocumentRoot /var/www/virthosts/calendar > ServerName calendar.mydomain.org > SSLEngine on > SSLCertificateFile /etc/ssl/calendar.crt > SSLCertificateKeyFile > /etc/ssl/private/calendar.key > <Location /> > SSLRequireSsl > </Location> > <Directory /var/www/virthosts/calendar> > Order allow,deny > Allow from all > </Directory> > <Location /cgi-bin/> > SetHandler perl-script > PerlHandler Apache::Registry > #PerlHandler Apache::PerlRun > Options ExecCGI > PerlSendHeader On > </Location> > </VirtualHost> > # > <VirtualHost _default_:443> > # General setup for the virtual host > #DocumentRoot /var/www/htdocs > #ServerName new.host.name > #ServerAdmin [EMAIL PROTECTED] > #ErrorLog logs/error_log > #TransferLog logs/access_log > > # SSL Engine Switch: > # Enable/Disable SSL for this virtual host. > SSLEngine on > > # SSL Cipher Suite: > # List the ciphers that the client is permitted to > negotiate. > # See the mod_ssl documentation for a complete > list. > #SSLCipherSuite > ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > # Server Certificate: > # Point SSLCertificateFile at a PEM encoded > certificate. If > # the certificate is encrypted, then you will be > prompted for a > # pass phrase. Note that a kill -HUP will prompt > again. A test > # certificate can be generated with `make > certificate' under > # built time. > SSLCertificateFile /etc/ssl/server.crt > > # Server Private Key: > # If the key is not combined with the certificate, > use === message truncated === ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
