Re: Illegal attempt to re-initialise SSL for server
On Sat, 1 Mar 2003, Domenico Andreoli wrote: CUT HERE -- # ... SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache/ssl.key/server.key VirtualHost _default_:* /VirtualHost # ... CUT HERE -- It ought to look like this: VirtualHost foo:443 SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... /VirtualHost Note that your use of the certificate and key across all virtual hosts, whether by putting it in the server-wide config or by putting it in VirtualHost _default_:*, won't generally work. Your clients will get errors when they try to browse to your site if the hostname doesn't match the one stored in the certificate, for example. You should have a different certificate/key pair for every hostname on which you wish to run SSL. And of course each of those virtual hosts needs to be on a unique IP:port pair--no name-based virtual hosting. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Illegal attempt to re-initialise SSL for server
On Sat, Mar 01, 2003 at 10:59:33AM -0500, Cliff Woolley wrote: It ought to look like this: VirtualHost foo:443 SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... /VirtualHost Note that your use of the certificate and key across all virtual hosts, whether by putting it in the server-wide config or by putting it in VirtualHost _default_:*, won't generally work. Your clients will get errors when they try to browse to your site if the hostname doesn't match the one stored in the certificate, for example. You should have a different certificate/key pair for every hostname on which you wish to run SSL. And of course each of those virtual hosts needs to be on a unique IP:port pair--no name-based virtual hosting. right right. this is not a issue because this configuration has not any sense. many thanks cavok ps: may i quote your message? i'd like to include your reply to who reported the original problem (debian bug report #169083). -[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50 pgp0.pgp Description: PGP signature
Re: Illegal attempt to re-initialise SSL for server
On Sat, 1 Mar 2003, Domenico Andreoli wrote: ps: may i quote your message? i'd like to include your reply to who reported the original problem (debian bug report #169083). Sure! It's a public list after all. :) --Cliff - Cliff Woolley Apache HTTP Server Project Apache Software Foundation __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]