Re: [Modules] Cannot seem to get Server Name Indication working...
Hi Ray,
> it looks like you have the key and cert file directives commented out?
why?
>>
>> GnuTLSEnable on
>> GnuTLSPriorities NORMAL
>>
>> ServerName www.natiki.com.au
>> ServerAlias natiki.com.au
>> DocumentRoot /usr/local/www/webs/natiki_new
>> ErrorLog /var/log/ssl_www.natiki.com.au-error_log
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\""
>>
>> TransferLog /var/log/ssl_www.natiki.com.au-transfer_log
>>
>> GnuTLSCertificateFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
>> GnuTLSKeyFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
>>
>> #SSLEngine on
>> #SSLCertificateKeyFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
>> #SSLCertificateFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
>>
I thought the GnuTLSCertificateFile directive relaced the SSLCertificateFile
directive seeing as though all the SSL auth is going through mod_gnutls?
--Donovan
www.natiki.com.au
-----Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2008 3:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Modules] Cannot seem to get Server Name Indication working...
no. if the browser doesn't support it then you are SOL.
it looks like you have the key and cert file directives commented out? why?
> Hi,
>
> Using FireFox 3 on Windows. As a side issue seeing as though browser
version
> is an issue is there any alternative to implement SNI that is browser
> agnostic?
>
> --Donovan
> www.natiki.com.au
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 03, 2008 8:25 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Modules] Cannot seem to get Server Name Indication
working...
>
> might be your browser. IE6 and IE7 dont do SNI. IE7 does it on 64 bit
> windows but not 32bit. they just end up using the first cert in the conf
> file
> for everything. try FF2 or FF3
>
>> G'Day,
>>
>> - I have successfully compiled and installed mod_gnutls on FreeBSD 6.2 /
>> Apache/2.2.6 (FreeBSD)
>> - Module is loading and I see no errors in the logs and the conf location
>> has cache files being included in it.
>> - When I go to https://www.natiki.com.au I am returned the certificate
for
>> https://www.capitel.com.au
>>
>> I don't know how to turn on additional logging for mod_gnutls and can
> supply
>> logs if necessary. So what am I missing here?
>>
>> My config is as follows:
>>
>> 116.212.64.71:443 is a NameVirtualHost
>> default server www.capitel.com.au
>> (/usr/local/etc/apache22/Includes/host_donovan.conf:57)
>> port 443 namevhost www.capitel.com.au
>> (/usr/local/etc/apache22/Includes/host_donovan.conf:57)
>> port 443 namevhost www.natiki.com.au
>> (/usr/local/etc/apache22/Includes/host_donovan.conf:407)
>>
>> The virtual host blocks look as follows:
>>
>> # -- www.capitel.com.au -
>>
>> ServerName www.capitel.com.au
>> ServerAlias new.capitel.com.au capitel.com.au
>> DocumentRoot /usr/local/www/webs/capitel/www
>> ErrorLog /var/log/www.capitel.com.au-error_log
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\""
>> TransferLog /var/log/www.capitel.com.au-transfer_log
>>
>> #Force to https always
>> RewriteEngine On
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>>
>>
>>
>> GnuTLSEnable on
>> GnuTLSPriorities NORMAL
>>
>> ServerName www.capitel.com.au
>> ServerAlias capitel.com.au
>> DocumentRoot /usr/local/www/webs/capitel/www
>> ErrorLog /var/log/www.capitel.com.au-error_log
>> LogFormat "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b
>> \"%{Referer}i\" \"%{User-agent}i\""
>> TransferLog /var/log/www.capitel.com.au-transfer_log
>>
>> GnuTLSCertificateFile
>> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.crt
>> GnuTLSKeyFile
>> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.key
>>
>> #SSLEngine on
>> #SSLCertificateKeyFile
>> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.key
>> #SSLCertificateFile
>>
Re: [Modules] Cannot seem to get Server Name Indication working...
On Wed, Dec 03, 2008 at 01:29:34PM +1100, Donovan J. Edye <[EMAIL PROTECTED]> wrote a message of 142 lines which said: > As a side issue seeing as though browser version is an issue is > there any alternative to implement SNI that is browser agnostic? Subject Alternative Name in the X.509 certificate (RFC 2459). Works for me. http://therowes.net/~greg/2008/01/08/creating-a-certificate-with-multiple-hostnames/ ___ Modules mailing list Modules@lists.outoforder.cc http://lists.outoforder.cc/mailman/listinfo/modules
Re: [Modules] Cannot seem to get Server Name Indication working...
Hi,
Using FireFox 3 on Windows. As a side issue seeing as though browser version
is an issue is there any alternative to implement SNI that is browser
agnostic?
--Donovan
www.natiki.com.au
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2008 8:25 AM
To: [EMAIL PROTECTED]
Subject: Re: [Modules] Cannot seem to get Server Name Indication working...
might be your browser. IE6 and IE7 dont do SNI. IE7 does it on 64 bit
windows but not 32bit. they just end up using the first cert in the conf
file
for everything. try FF2 or FF3
> G'Day,
>
> - I have successfully compiled and installed mod_gnutls on FreeBSD 6.2 /
> Apache/2.2.6 (FreeBSD)
> - Module is loading and I see no errors in the logs and the conf location
> has cache files being included in it.
> - When I go to https://www.natiki.com.au I am returned the certificate for
> https://www.capitel.com.au
>
> I don't know how to turn on additional logging for mod_gnutls and can
supply
> logs if necessary. So what am I missing here?
>
> My config is as follows:
>
> 116.212.64.71:443 is a NameVirtualHost
> default server www.capitel.com.au
> (/usr/local/etc/apache22/Includes/host_donovan.conf:57)
> port 443 namevhost www.capitel.com.au
> (/usr/local/etc/apache22/Includes/host_donovan.conf:57)
> port 443 namevhost www.natiki.com.au
> (/usr/local/etc/apache22/Includes/host_donovan.conf:407)
>
> The virtual host blocks look as follows:
>
> # -- www.capitel.com.au -
>
> ServerName www.capitel.com.au
> ServerAlias new.capitel.com.au capitel.com.au
> DocumentRoot /usr/local/www/webs/capitel/www
> ErrorLog /var/log/www.capitel.com.au-error_log
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-agent}i\""
> TransferLog /var/log/www.capitel.com.au-transfer_log
>
> #Force to https always
> RewriteEngine On
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>
>
>
> GnuTLSEnable on
> GnuTLSPriorities NORMAL
>
> ServerName www.capitel.com.au
> ServerAlias capitel.com.au
> DocumentRoot /usr/local/www/webs/capitel/www
> ErrorLog /var/log/www.capitel.com.au-error_log
> LogFormat "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b
> \"%{Referer}i\" \"%{User-agent}i\""
> TransferLog /var/log/www.capitel.com.au-transfer_log
>
> GnuTLSCertificateFile
> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.crt
> GnuTLSKeyFile
> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.key
>
> #SSLEngine on
> #SSLCertificateKeyFile
> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.key
> #SSLCertificateFile
> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.crt
>
> # -- www.capitel.com.au -
>
> # -- www.natiki.com.au -
>
> ServerName www.natiki.com.au
> ServerAlias natiki.com.au
> DocumentRoot /usr/local/www/webs/natiki_new
> ErrorLog /var/log/www.natiki.com.au-error_log
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-agent}i\""
> TransferLog /var/log/www.natiki.com.au-transfer_log
>
>
>
> GnuTLSEnable on
> GnuTLSPriorities NORMAL
>
> ServerName www.natiki.com.au
> ServerAlias natiki.com.au
> DocumentRoot /usr/local/www/webs/natiki_new
> ErrorLog /var/log/ssl_www.natiki.com.au-error_log
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-agent}i\""
>
> TransferLog /var/log/ssl_www.natiki.com.au-transfer_log
>
> GnuTLSCertificateFile
> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
> GnuTLSKeyFile
> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
>
> #SSLEngine on
> #SSLCertificateKeyFile
> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
> #SSLCertificateFile
> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
>
> # -- /www.natiki.com.au
>
>
> --Donovan
> www.natiki.com.au
>
>
>
> ___
> Modules mailing list
> Modules@lists.outoforder.cc
> http://lists.outoforder.cc/mailman/listinfo/modules
>
___
Modules mailing list
Modules@lists.outoforder.cc
http://lists.outoforder.cc/mailman/listinfo/modules
