[openca-users:159] Apache config quirks

Thu, 21 Dec 2000 08:03:44 -0800 

Hi,

I did the following:

> >
> 1. You need mod_perl or something like this.
> (2. Is /opt/www the ServerRoot or DocumentRoot?)
> 3. OpenCA needs at minimum three servers actual.
>        1. public
>       htdocs-public
>       cgi-public
>        2. RA
>       htdocs-ra..
>       ras-cgi
>        3. CA
>       htdocs-ca
>       cgi-ca
> So the big question is where do the rpms install the three cgi- and the three
> htdocs-sections. (ask the creator of the rpms)

I generated a server cert for each, and I configured Named Virtual Hosts with
apache-ssl (which is *NOT* mod_ssl, see www.apache-ssl.org). I specify the
different certs in the different <VirtualHost> sections, but when I connect to
the server with a browser, I'm always presented the first cert, even if I'm
accessing the second or third defined VirtualHost!

If I disable these hosts, leaving only active the one I want to access, then I
get the right certificate, so the config looks OK.

I don't use srm.conf nor access.conf, but at the end of httpd.conf I've got:

NameVirtualHost 111.222.333.444:80
NameVirtualHost 111.222.333.444:443

include /etc/apache-ssl/vhosts/caserver
#include /etc/apache-ssl/vhosts/raserver
#include /etc/apache-ssl/vhosts/secureserver

And caserver contains (the other 2 are similar):

#<VirtualHost caserver>

<VirtualHost 111.222.333.444:80>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/OpenCA-Book
ServerName ca.mydomain.nl
SSLdisable
ErrorLog /var/log/apache/ca-error.log
TransferLog /var/log/apache/ca-access.log
</VirtualHost>

<VirtualHost 111.222.333.444:443>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www-secure/OpenCA
ServerName ca.mydomain.nl
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin.secure/
SSLenable
SSLCertificateFile /etc/apache-ssl/certs/caservercert.pem
SSLCertificateKeyFile /etc/apache-ssl/certs/caserverkey.pem
SSLVerifyClient 0
SSLVerifyDepth 15
ErrorLog /var/log/apache-ssl/ca-error.log
TransferLog /var/log/apache-ssl/ca-access.log
</VirtualHost>


Can anyone give me a clue? I'm using apache 1.3.9 on Debian2.2 (kernel 2.2.17)
(I changed IP-addresses and domainnames for privacy reasons)

TIA,

Marcel

-- 
---------------------------------------------------------------
ing. Marcel van Dorp (CCDP, CCNP+security)   http://www.wiwo.nl
WiWo Support                                 tel. 071-523 77 91
Postbus 1098                                 fax  071-523 77 94
2340 BB Oegstgeest                           gsm  0653-50 77 76
---------------------------------------------------------------

_________________________________________________________________
OpenCA - Users Support Mailing List       [EMAIL PROTECTED]

Reply via email to