Hi all,
I have SSL installed which works great...to great. I have around 20
non-ssl virtual sites, and one ssl virtual site. In my httpd.conf file, I
have the following in the main section:
User nobody
Group nobody
Port 80
Listen 80
SSLDisable
Listen 443
ServerRoot /usr/local/apache
DocumentRoot /usr/local/apache/share/htdocs
TransferLog /usr/local/apache/var/log/access.log
ErrorLog /usr/local/apache/var/log/error.log
PidFile /usr/local/apache/var/run/httpsd.pid
...and the following in one of the non-ssl virtual server sections :
<VirtualHost www.onedog.com:80>
SSLDisable
Port 80
ServerAdmin webmaster@onedog.com
DocumentRoot /websites/docs/dogone/public_html
ServerName www.onedog.com
ErrorLog logs/www.onedog.com-error_log
TransferLog logs/www.onedog.com-access_log
</VirtualHost>
and here is the ssl one
<VirtualHost secure.thegolfer.com:443>
Port 443
SSLEnable
SSLVerifyClient 0
SSLVerifyDepth 10
SSLCertificateKeyFile /usr/local/ssl/certs/secure.thegolfer.com.key
SSLCertificateFile /usr/local/ssl/certs/secure.thegolfer.com.cert
ServerAdmin webmaster@thegolfer.com
DocumentRoot /websites/docs/thegolfer/secure
ServerName secure.thegolfer.com
ErrorLog logs/www.thegolfer.com-error_log
TransferLog logs/www.thegolfer.com-access_log
</VirtualHost>
The problem is that if you go to https://www.onedog.com
<https://www.onedog.com> , you get the certificate for the secure site. I
do not want this to happen, obviously. How do I lock this thing down to
where you can ssl to the correct site only and get an error page for the
non-ssl servers? The secure site works great however. Am I missing
something?
TIA,
Chuck
-----------------------
Charles Keating
Sterling Communications Inc.
(503) 885-8908 ext. 223
(503) 885-0150 (FAX)
Email: chuckk@sterlink.net