It would be ideal to have SSL enabled for NAME1.com only.
NAME2.com and NAME3.com would stay as is.

I've tried the following, but I'm not sure if I've taken your input correctly:
=============================
LoadModule ssl_module modules/mod_ssl.so
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
</IfDefine>

/*......*/

NameVirtualHost OUR_IP_ADDRESS:80

<VirtualHost OUR_IP_ADDRESS:80>
ServerName    NAME1.com
DocumentRoot  /var/www/html1
</VirtualHost>

<VirtualHost OUR_IP_ADDRESS:443>
DocumentRoot  /var/www/html1
ServerName NAME1.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/hostcert.pem
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/hostkey.pem

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
   SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
   SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


<VirtualHost OUR_IP_ADDRESS:80>
ServerName    NAME2.com
DocumentRoot /var/www/html2
</VirtualHost>


<VirtualHost OUR_IP_ADDRESS:80>
ServerName    NAME3.com
DocumentRoot /var/www/html3
</VirtualHost>
=================================

Apache is failing to restart when I try this.

httpd -D SSL -S gives out:

VirtualHost configuration:
192.5.166.40:80        is a NameVirtualHost
        default server NAME1.com (/etc/httpd/conf/httpd.conf:xxx)
        port 80 namevhost NAME1.com (/etc/httpd/conf/httpd.conf:xxx)
        port 80 namevhost NAME2.com (/etc/httpd/conf/httpd.conf:yyy)
        port 80 namevhost NAME3.com (/etc/httpd/conf/httpd.conf:zzz)

I've also tried adding:
"NameVirtualHost OUR_IP_ADDRESS:433" and "Listen 433" but it did not help.
Any ideas?

Thank you so much.


On 5/9/07, Joshua Slive <[EMAIL PROTECTED]> wrote:

On 5/9/07, Liz Kim <[EMAIL PROTECTED]> wrote:

> <IfModule mod_ssl.c>
>     Include conf.d/ssl.conf
> </IfModule>
>
> /*......*/
>
> NameVirtualHost OUR_IP_ADDRESS:80
>
>  <VirtualHost OUR_IP_ADDRESS:443>
>  ServerName    NAME1.com
>   DocumentRoot  /var/www/html1
>  </VirtualHost>
>
>
>  <VirtualHost OUR_IP_ADDRESS:80>
>   ServerName    NAME2.com
>   DocumentRoot /var/www/html2
>  </VirtualHost>
>
>
>  <VirtualHost OUR_IP_ADDRESS:80>
>   ServerName    NAME3.com
>   DocumentRoot /var/www/html3
>  </VirtualHost>
>  =================================
> where conf.d/ssl.conf file contains all the appropriate codes for enabling
> SSL - loading the module, certificate and key definitions, etc.
> However, when I do this, http://www.NAME1.com will point to
> http://www.NAME2.com and https://www.NAME1.com does not work.
> The certificate is issued to NAME1.com which is also the name of the
> server....
>
> Any help would be greatly appreciated!!!
> Are there any easy to follow guides on how to ssl enable name-based virtual
> hosts?

In general, you can't have SSL with name-based virtual hosts, because
the ssl negotiation happens before the name is known.

It is hard to tell exactly what you are trying to achieve, but you CAN
have a bunch of non-ssl name-based virtual hosts plus ONE ssl virtual
host on the same server.

What you have doesn't work for two reasons:

1. You removed the non-ssl (port 80) virtual host for name1.com. You
need to put that back and have the port 443 virtual host as a separate
<VirtualHost> block.

2. Instead of using conf.d/ssl.conf, just put the ssl directives
directly inside the <VirtualHost IP:443>. If you look inside ssl.conf,
you'll probably find it is defining a separate <VirtualHost> block
which is being ignored due to your <VirtualHost IP:443>.

Joshua.
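
The points in the reply above (keep a non-SSL vhost for the SSL name, and have only one SSL vhost per address), together with the `Listen 443` that sits inside `<IfDefine SSL>` in the config at the top of the thread, written as a small static check. This is an added example, not code from either poster or from the Apache project; `lint_vhosts`, the sample config and the 192.0.2.10 address are constructed, and it assumes a flat config whose vhosts use the `addr:port` form.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread; 192.0.2.10 is a placeholder address.
SAMPLE = """\
Listen 80
<IfDefine SSL>
Listen 443
</IfDefine>
NameVirtualHost 192.0.2.10:80
<VirtualHost 192.0.2.10:443>
ServerName NAME1.com
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:80>
ServerName NAME2.com
</VirtualHost>
"""

def lint_vhosts(conf, defines=()):
    """Lint a flat config whose <VirtualHost> arguments all use addr:port."""
    listen, vhosts, stack, cur = set(), defaultdict(list), [], None
    for line in map(str.strip, conf.splitlines()):
        if m := re.match(r"<IfDefine\s+(!?)(\S+)>", line, re.I):
            stack.append((m.group(2) in defines) != bool(m.group(1)))
        elif re.match(r"</IfDefine>", line, re.I):
            stack.pop()
        elif not all(stack):
            continue  # body of an <IfDefine> this startup does not satisfy
        elif m := re.match(r"Listen\s+(\S+)", line, re.I):
            listen.add(m.group(1).rsplit(":", 1)[-1])
        elif m := re.match(r"<VirtualHost\s+(\S+)>", line, re.I):
            cur = {"name": None, "ssl": False}
            vhosts[m.group(1)].append(cur)
        elif cur is not None and (m := re.match(r"ServerName\s+(\S+)", line, re.I)):
            cur["name"] = m.group(1).lower()
        elif cur is not None and re.match(r"SSLEngine\s+on\b", line, re.I):
            cur["ssl"] = True
    findings = []
    plain = {h["name"] for hs in vhosts.values() for h in hs if not h["ssl"]}
    for addr, hosts in vhosts.items():
        port, ssl = addr.rsplit(":", 1)[-1], [h for h in hosts if h["ssl"]]
        if port not in listen:
            findings.append(f"{addr}: no active Listen {port}")
        if len(ssl) > 1:  # the handshake completes before any Host header is seen
            findings.append(f"{addr}: {len(ssl)} SSL vhosts, only the first is used")
        findings += [f"{h['name']}: no non-SSL vhost, plain HTTP falls to the default"
                     for h in ssl if h["name"] not in plain]
    return findings
```

Pass the same names given to `httpd -D` as `defines`, for example `lint_vhosts(SAMPLE, ("SSL",))`, so that `<IfDefine>` sections are evaluated the way that startup would evaluate them.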
