On Wed, Apr 9, 2008 at 2:22 PM, Tony Schreiner <schreian@bc.edu> wrote:
> nameprotected.domain.edu is a DNS CNAME to the actual host.
>
> How do folks do SSL and virtual hosts? multiple IP addresses is not an
> option for me.
It better be, because for apache 2.0, it's the ONLY way you can do vhosts.
You have to have 1 ip per vhost for ssl. This is in the apache documentation.
For httpd 2.2, you can do name based vhosts, but not with standard ssl
certs like verisign ships.
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
04-09-2008, 06:52 PM
mouss
ssl and NameVirtualHost
Tony Schreiner wrote:
> I recently acquired a Verisign SSL certificate for my web server on
> Centos 4, with apache 2.0.59 from centosplus.
> It however doesn't seem to be working the way I've set it up, browsers
> connect but are told the certificate is not recognized. Showing more
> info, the information looks correct.
> I think it has probably to do with the fact that I'm using the
> certificate on a virtual named host, and I wonder if anybody has
> experience doing this? A few places in the apache documentation
> suggest that SSL cannot be used with name based virtual hosting, but I
> don't know if that means, not at all, or not with multiple named hosts.
> I have multiple NameVirtualHost on port 80, but will only plan to use
> one of the names on port 443.
> The start of the section in my ssl.conf goes like this:
> nameprotected.domain.edu is a DNS CNAME to the actual host.
The ServerName should match the name in the certificate.
> How do folks do SSL and virtual hosts? multiple IP addresses is not an
> option for me.
04-09-2008, 07:15 PM
Tony Schreiner
ssl and NameVirtualHost
On Apr 9, 2008, at 2:37 PM, Jim Perrin wrote:
> On Wed, Apr 9, 2008 at 2:22 PM, Tony Schreiner <schreian@bc.edu> wrote:
>> nameprotected.domain.edu is a DNS CNAME to the actual host.
>>
>> How do folks do SSL and virtual hosts? multiple IP addresses is not an
>> option for me.
> It better be, because for apache 2.0, it's the ONLY way you can do vhosts.
> You have to have 1 ip per vhost for ssl. This is in the apache documentation
> For httpd 2.2, you can do name based vhosts, but not with standard ssl
> certs like verisign ships.
crud...
but thanks for the info
04-09-2008, 07:16 PM
Kai Schaetzl
ssl and NameVirtualHost
Tony Schreiner wrote on Wed, 9 Apr 2008 14:22:22 -0400:
> It however doesn't seem to be working the way I've set it up,
> browsers connect but are told the certificate is not recognized.
Unfortunately, the most important information is missing from your
explanation: please give the exact URL, so one can see the *actual*
message and the actual certificate. From first "sight" it looks like the
site is not using the certificate you think it uses.
FYI: You can have *one* certificate per IP address. It doesn't matter if
name-based or not. (So, if you want to have 5 name-based SSL virtual hosts
you have to use the same certificate for all of them. That's obviously not
the case for you.)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
04-09-2008, 07:21 PM
Rick Barnes
ssl and NameVirtualHost
Tony Schreiner wrote:
> I recently acquired a Verisign SSL certificate for my web server on
> Centos 4, with apache 2.0.59 from centosplus.
> It however doesn't seem to be working the way I've set it up, browsers
> connect but are told the certificate is not recognized. Showing more
> info, the information looks correct.
> I think it has probably to do with the fact that I'm using the
> certificate on a virtual named host, and I wonder if anybody has
> experience doing this? A few places in the apache documentation suggest
> that SSL cannot be used with name based virtual hosting, but I don't know if
> that means, not at all, or not with multiple named hosts.
> I have multiple NameVirtualHost on port 80, but will only plan to use
> one of the names on port 443.
> The start of the section in my ssl.conf goes like this:
Rick
04-09-2008, 07:24 PM
"Jim Perrin"
ssl and NameVirtualHost
On Wed, Apr 9, 2008 at 3:15 PM, Tony Schreiner <schreian@bc.edu> wrote:
> crud...
Well, as Kai brings up, you get one cert per IP. If you're using
subdomains you *might* be able to get away with this.
*.example.com as a cert common name will work for foo.example.com, and
bar.example.com. etc. So long as you're using subdomain certs this
works okay. If you're doing different names, you're pretty sunk.
"Name-based virtual hosting cannot be used with SSL secure servers
because of the nature of the SSL protocol."
See http://httpd.apache.org/docs/2.0/vhosts/name-based.html for more info
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
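The wildcard rule and the one-certificate-per-IP constraint discussed in the messages above, as an added example that is not part of the thread or of Apache's code. The function names and host names are constructed for illustration; the matcher follows the common rule that `*` covers exactly one leftmost label.

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a requested host name.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.example.com' covers 'foo.example.com' but
    not 'example.com' or 'a.b.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative choice made in this example: refuse wildcards
        # directly under a top-level label such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def audit_ip_port(cert_names, vhost_names):
    """Without SNI, one IP:port presents one certificate before the server
    knows which host was requested, so every vhost sharing that IP:port
    is checked against the same list of certificate names."""
    return {
        vhost: any(dns_name_matches(name, vhost) for name in cert_names)
        for vhost in vhost_names
    }


if __name__ == "__main__":
    # Constructed sample data: one wildcard certificate, four vhosts on one IP.
    cert_names = ["*.example.com"]
    vhosts = ["foo.example.com", "bar.example.com",
              "example.com", "www.example.org"]
    for name, ok in audit_ip_port(cert_names, vhosts).items():
        print(f"{name:20} {'ok' if ok else 'NAME MISMATCH'}")
```

Any vhost reported as a mismatch is one where browsers would show a certificate name warning if it shared that IP and port.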
04-09-2008, 07:29 PM
Tony Schreiner
ssl and NameVirtualHost
On Apr 9, 2008, at 3:16 PM, Kai Schaetzl wrote:
> Tony Schreiner wrote on Wed, 9 Apr 2008 14:22:22 -0400:
>> It however doesn't seem to be working the way I've set it up,
>> browsers connect but are told the certificate is not recognized.
> Unfortunately, the most important information is missing from your
> explanation: please give the exact URL, so one can see the *actual*
> message and the actual certificate. From first "sight" it looks like the
> site is not using the certificate you think it uses.
> FYI: You can have *one* certificate per IP address. It doesn't matter if
> name-based or not. (So, if you want to have 5 name-based SSL virtual hosts
> you have to use the same certificate for all of them. That's obviously not
> the case for you.)
> Kai
I was under the (obviously mistaken) impression that one certificate
per hostname was the rule, and I created the certificate with the
hostname I want to use; which is resolvable; and reachable with
regular http over port 80. And that is the only SSL enabled site I
want to use on this server.
Getting multiple IP addresses on my server will require a change of
plan of action for me; but may be possible.
Tony
04-09-2008, 08:35 PM
David Hrbáč
ssl and NameVirtualHost
Jim Perrin wrote:
> "Name-based virtual hosting cannot be used with SSL secure servers
> because of the nature of the SSL protocol."
> See http://httpd.apache.org/docs/2.0/vhosts/name-based.html for more info
Jim, you are not right... SSL 3.0 supports Server Name Indication and of
course TLS 1.0. For those who are interested there are repos for C{4,5}
located here:
Regards,
David
04-09-2008, 08:40 PM
"Jim Perrin"
ssl and NameVirtualHost
On Wed, Apr 9, 2008 at 4:35 PM, David Hrbáč <hrbac.conf@seznam.cz> wrote:
> Jim, you are not right... SSL 3.0 supports Server Name Indication and of
> course TLS 1.0. For those who are interested there are repos for C{4,5}
> located here:
My comments were/are based on the apache documentation (linked
previously in the thread), and the distro base as it ships. Your
packages work, yes, but do they function with the verisign cert he's
already got?
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
04-09-2008, 08:44 PM
"Jim Perrin"
ssl and NameVirtualHost
On Wed, Apr 9, 2008 at 4:35 PM, David Hrbáč <hrbac.conf@seznam.cz> wrote:
> Jim, you are not right... SSL 3.0 supports Server Name Indication and of
> course TLS 1.0. For those who are interested there are repos for C{4,5}
> located here:
Since I should have included this in my previous reply... I don't mind
being wrong, so long as it's documented.
Can you show the config for CentOS 4, (without the TLS packages you
list) to do name based vhosts with ssl? I'd be interested in this
myself. Given that the apache documentation for 2.0.x says it can't be
done, I was basing my statements off that.
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell