Welcome to MobyThreads.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log in/Register/PasswordLog in/Register/Password

Virtual hosts and wildcard SSL certificate

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Related Topics:
virtual hosts... need help please - Hi NG. I'm having trouble Apache to run with more than 1 host. I've read the config ofcause but when I try to do what it says I can't seem to get it to work. If anyone could post the changes they have made to their to..

Virtual Hosts - Hi everyone, I am new to apache, so if my question is answered in the groups faq, or on the apache web site, feel free to tell me to f**k off and read there. However I have looked through the manual, and cant find any reference to the issues im having.

Virtual hosts and SSL? - Hello I'm trying to setup this apache 1.3 server for virtual hosts, with ssl. I've got the normal port 80 working, but the SSL is a bit of a mess. If I have the SSL pages in the real part of the server, ie, then..

Virtual Hosts? - I'm wanting to use one IP address to host multiple domains, ie web hosting. I assume that are the thin I need to focus on here and is this basically a similar concept to Host Headers in IIS 5.0? I'm running Windows 2000 with Apache 2.0.46 ..

ssl on named virtual hosts - I've got 2 virtual hosts running on Mandrake 10.0. They run fine except when it comes to ssl. I've of course googled around and found quite a few entries that say it's not possible to do ssl on named vhosts and others that say the contraty. The error..
Author Message
sybrenuse

External


Since: Oct 28, 2004
Posts: 2



(Msg. 1) Posted: Thu Oct 28, 2004 8:56 pm
Post subject: Virtual hosts and wildcard SSL certificate
Archived from groups: alt>apache>configuration (more info?)
Hi all,

I want to set up dynamic virtual hosts with Apache 2.0. I'll be using
mod_rewrite, because the document root will be something like:

/data/www/projects/customer1/site2/htdocs

where customer1 and site2 come from the URL like
http://site2.customer1.eyefi.nl/. Because we want to use HTTPS, I
created a certificate. I made the CN=*.eyefi.nl, because I know that
you can't do hostnamed-based selection of the SSL certificate.

When I request a page from Apache, Mozilla Firefox tells me "The
connection to site2.customer1.eyefi.nl has terminated unexpectedly.
Some data may have been transferred." The ssl_error.log file contains:

[Thu Oct 28 16:09:20 2004] [warn] RSA server certificate CommonName
(CN) `*.eyefi.nl' does NOT match server name!?

Checking with openssl gives me:

$ openssl s_client -connect site2.customer1.eyefi.nl:443 -showcerts
CONNECTED(00000003) 1931:error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

$ openssl s_client -connect dude.eyefi.nl:443 -showcerts -debug
CONNECTED(00000003)
write to 080AD358 [080ADBF8] (148 bytes => 148 (0x94))
0000 - 80 92 01 03 01 00 69 00-00 00 20 00 00 39 00 00 ......i... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../.......
0030 - 00 80 00 00 66 00 00 05-00 00 04 01 00 80 08 00 ....f...........
0040 - 80 00 00 63 00 00 62 00-00 61 00 00 15 00 00 12 ...c..b..a......
0050 - 00 00 09 06 00 40 00 00-65 00 00 64 00 00 60 00 .....@..e..d..`.
0060 - 00 14 00 00 11 00 00 08-00 00 06 04 00 80 00 00 ................
0070 - 03 02 00 80 f7 3e aa 27-e1 fd 5e 84 0a 94 be 65 .....>.'..^....e
0080 - 12 42 b8 75 df 5f a6 3b-bc 26 70 70 24 9b 27 74 .B.u._.;.&pp$.'t
0090 - e4 c2 1a b3 ....
read from 080AD358 [080B3158] (7 bytes => 7 (0x7))
0000 - 3c 3f 78 6d 6c 20 76 <?xml v

1933:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:

It seems that Apache isn't doing any SSL on port 443, because if I go
to http://site2.customer1.eyefi.nl:443/ I get proper HTML.

I've tried googling, but I can't seem to find the answer. Please help!

Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?

 >> Stay informed about: Virtual hosts and wildcard SSL certificate 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 2) Posted: Thu Oct 28, 2004 8:56 pm
Post subject: Re: Virtual hosts and wildcard SSL certificate [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On 2004-10-28, Sybren Stuvel <sybrenUSE DeleteThis @YOURthirdtower.imagination.com> wrote:
 > created a certificate. I made the CN=*.eyefi.nl, because I know that

The CN is the domain name, no placeholder allowed. So eyefi.nl.
Davide

--
I think that when they use NT for controlling their weapons, any place
far away from strategic objects might exactly be the place where the first
strikes hit.
--Georg<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: Virtual hosts and wildcard SSL certificate 
Back to top
Login to vote
sybrenuse

External


Since: Oct 28, 2004
Posts: 2



(Msg. 3) Posted: Sat Oct 30, 2004 3:34 pm
Post subject: Re: Virtual hosts and wildcard SSL certificate [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Davide Bianchi enlightened us with:
 > The CN is the domain name, no placeholder allowed. So eyefi.nl.

I'll try that, thanks!

Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Virtual hosts and wildcard SSL certificate 
Back to top
Login to vote
user3016

External


Since: Oct 29, 2004
Posts: 6



(Msg. 4) Posted: Sun Oct 31, 2004 4:31 am
Post subject: Re: Virtual hosts and wildcard SSL certificate [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Sybren Stuvel schrieb am Thu, 28 Oct 2004 17:56:18 +0200:

 > <a style='text-decoration: underline;' href="http://site2.customer1.eyefi.nl/." target="_blank">http://site2.customer1.eyefi.nl/.</a> Because we want to use HTTPS, I
 > created a certificate. I made the CN=*.eyefi.nl, because I know that
 > you can't do hostnamed-based selection of the SSL certificate.
 >

This won't work because the wildcard "stops" at the next dot. So,
site2.customer1.eyefi.nl and *.eyefi.nl simply don't match. No,
*.*.eyefi.nl won't work either Wink *.customer1.eyefi.nl *will* work.


Kai
--

Kai Schätzl, Berlin, Germany
IE-Center: <a style='text-decoration: underline;' href="http://ie5.de" target="_blank">http://ie5.de</a> & <a style='text-decoration: underline;' href="http://msie.winware.org" target="_blank">http://msie.winware.org</a><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Virtual hosts and wildcard SSL certificate 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]