Gentoo Forums
apache, SSL - multiple sites
zambizzi
Guru


Joined: 28 Aug 2004
Posts: 581
Location: Boise Idaho

Posted: Wed Nov 24, 2004 8:13 pm    Post subject: apache, SSL - multiple sites

Hi all....

I have a web server running apache 2 on Gentoo and I'm having trouble configuring SSL for multiple sites using one IP address.

I have 3 sites, each w/ their own domain name and each have their own SSL certificate. All 3 use the same IP address in vhosts.conf and all are using port 443 for SSL.

Everything works fine on port 80 but the problem arises with SSL. For "supremegreens.net", everything works and SSL is fine, but for the other two sites, I get a warning when switching to https telling me the certificate actually belongs to supremegreens.net and not the current site.

How can I make these warnings go away?

Here is my vhosts.conf

Code:

#supreme-greens.com
NameVirtualHost 204.225.92.137:80
<VirtualHost 204.225.92.137:80>
        DocumentRoot /var/www/localhost/htdocs/supremegreensmsm.com
        ServerName supreme-greens.com
        ServerAlias www.supreme-greens.com
        ErrorLog /var/www/localhost/htdocs/supremegreensmsm.com/logs/supremegreensmsm-error_log
</VirtualHost>

#supremegreens.net
NameVirtualHost 204.225.92.137:80
<VirtualHost 204.225.92.137:80>
        DocumentRoot /var/www/localhost/htdocs/supremegreens.net
        ServerName supremegreens.net
        ServerAlias www.supremegreens.net
        ErrorLog /var/www/localhost/htdocs/supremegreens.net/logs/supremegreens.net-error_log
</VirtualHost>

#supremegreensmsm.com
NameVirtualHost 204.225.92.137:80
<VirtualHost 204.225.92.137:80>
        DocumentRoot /var/www/localhost/htdocs/supremegreensmsm.com_real
        ServerName supremegreensmsm.com
        ServerAlias www.supremegreensmsm.com
        ErrorLog /var/www/localhost/htdocs/supremegreensmsm.com_real/logs/supremegreensmsm_real_log
</VirtualHost>

<IfModule mod_ssl.c>

#SSL for supremegreens.net store
NameVirtualHost 204.225.92.137:443
<VirtualHost 204.225.92.137:443>
    DocumentRoot /var/www/localhost/htdocs/supremegreens.net
    ServerName www.supremegreens.net:443   
    ErrorLog /var/www/localhost/htdocs/supremegreens.net/logs/ssl_error_log

    <IfModule mod_log_config.c>
      TransferLog logs/ssl_access_log
    </IfModule>

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl/supremegreens.net.crt
    SSLCertificateKeyFile conf/ssl/supremegreens.net.key

    <Files ~ "\.(cgi|shtml|phtml|php?)$">
      SSLOptions +StdEnvVars
    </Files>

    <Directory "/home/httpd/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>

    <IfModule mod_setenvif.c>
      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule mod_log_config.c>
      CustomLog /var/www/localhost/htdocs/supremegreens.net/logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>

    <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteOptions inherit
    </IfModule>
</VirtualHost>

</IfModule>

<IfModule mod_ssl.c>

#SSL for supreme-greens.com store
NameVirtualHost 204.225.92.137:443
<VirtualHost 204.225.92.137:443>
    DocumentRoot /var/www/localhost/htdocs/supremegreensmsm.com
    ServerName www.supreme-greens.com:443
    ErrorLog /var/www/localhost/htdocs/supremegreensmsm.com/logs/ssl_error_log

    <IfModule mod_log_config.c>
      TransferLog logs/ssl_access_log
    </IfModule>

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl/supreme-greens.com.crt
    SSLCertificateKeyFile conf/ssl/supreme-greens.com.key

    <Files ~ "\.(cgi|shtml|phtml|php?)$">
      SSLOptions +StdEnvVars
    </Files>

    <Directory "/home/httpd/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>

    <IfModule mod_setenvif.c>
      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule mod_log_config.c>
      CustomLog /var/www/localhost/htdocs/supremegreensmsm.com/logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>

    <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteOptions inherit
    </IfModule>
</VirtualHost>

</IfModule>

<IfModule mod_ssl.c>

#SSL for supremegreensmsm.com store
NameVirtualHost 204.225.92.137:443
<VirtualHost 204.225.92.137:443>
    DocumentRoot /var/www/localhost/htdocs/supremegreensmsm.com_real
    ServerName www.supremegreensmsm.com:443
    ErrorLog /var/www/localhost/htdocs/supremegreensmsm.com_real/logs/ssl_error_log

    <IfModule mod_log_config.c>
      TransferLog logs/ssl_access_log
    </IfModule>

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl/supremegreensmsm.com.crt
    SSLCertificateKeyFile conf/ssl/supremegreensmsm.com.key

    <Files ~ "\.(cgi|shtml|phtml|php?)$">
      SSLOptions +StdEnvVars
    </Files>

    <Directory "/home/httpd/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>

    <IfModule mod_setenvif.c>
      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
    </IfModule>

    <IfModule mod_log_config.c>
      CustomLog /var/www/localhost/htdocs/supremegreensmsm.com_real/logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>

    <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteOptions inherit
    </IfModule>
</VirtualHost>

</IfModule>


I have verified that all of the ssl certificates are valid and in the correct place. At one point I had these sites pointing from another DNS server to my IP address and the certs worked fine, so I am absolutely sure the issue is NOT with the SSL certs.

Anyone know how I can get rid of the message?

Thanks!
liber!
Tux's lil' helper


Joined: 05 Aug 2004
Posts: 123
Location: EU, Antwerp

Posted: Wed Nov 24, 2004 9:05 pm    Post subject:

This is not a problem, this is a standard...
HTTPS can only be one site per ip per port... sorry :roll:

Maybe you could make something with proxies, but still I advise you to follow the standards and just request extra IPs per https site... (Most European ISPs (in datacenters, not home use) give IPs for free if you say you need them for https...)

Greets,
Nathan
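
Added example (not part of the original thread): the warning described in the first post arises because the TLS handshake, including the server certificate, completes before the browser sends the HTTP Host header, so without SNI Apache presents the certificate of the first SSL vhost defined for an address. This Python sketch flags that condition in a config; the sample text is constructed by abbreviating the vhosts.conf posted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, abbreviated from the vhosts.conf posted in this thread.
SAMPLE_CONF = """
<VirtualHost 204.225.92.137:80>
    ServerName supremegreens.net
</VirtualHost>
<VirtualHost 204.225.92.137:443>
    ServerName www.supremegreens.net:443
    SSLEngine on
    SSLCertificateFile conf/ssl/supremegreens.net.crt
</VirtualHost>
<VirtualHost 204.225.92.137:443>
    ServerName www.supreme-greens.com:443
    SSLEngine on
    SSLCertificateFile conf/ssl/supreme-greens.com.crt
</VirtualHost>
<VirtualHost 204.225.92.137:443>
    ServerName www.supremegreensmsm.com:443
    SSLEngine on
    SSLCertificateFile conf/ssl/supremegreensmsm.com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive in a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts_by_address(conf):
    """Group SSL-enabled vhosts by listen address, preserving file order."""
    groups = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            host = (directive(body, "ServerName"), directive(body, "SSLCertificateFile"))
            for addr in addrs.split():  # a vhost may list several addresses
                groups[addr].append(host)
    return groups

def shadowed_certificates(conf):
    """Map address -> (vhost whose cert is served, vhosts whose certs are not)."""
    findings = {}
    for addr, hosts in ssl_vhosts_by_address(conf).items():
        if len({cert for _, cert in hosts}) > 1:
            findings[addr] = (hosts[0], hosts[1:])
    return findings
```

On the sample it reports supremegreens.net.crt as the certificate served on 204.225.92.137:443 and the other two vhosts as shadowed, matching the browser warning described in the first post.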
liber!
Tux's lil' helper


Joined: 05 Aug 2004
Posts: 123
Location: EU, Antwerp

Posted: Wed Nov 24, 2004 9:06 pm    Post subject:

Oops, you're from the US, I don't know how it's over there.
unleashedgamers
n00b


Joined: 22 Nov 2004
Posts: 8
Location: Canada Eh?

Posted: Wed Nov 24, 2004 9:50 pm    Post subject:

liber! you are correct, ssl certs require an ip address each per site