Re: [apache-ssl] SSL and Virtual Hosts

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] SSL and Virtual Hosts
From: Adam Laurie <adam@algroup.co.uk>
Date: Fri, 05 Mar 1999 10:58:17 +0000
Delivered-To: mailing list apache-ssl@lists.aldigital.co.uk
Mailing-List: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
References: <917F10225BC0D211BA59006008AF8632144E@sterling-corp>
Reply-To: apache-ssl@lists.aldigital.co.uk

Charles Keating wrote:
> 
> Hi all,
>   I have SSL installed which works great...to great.  I have around 20
> non-ssl virtual sites, and one ssl virtual site.  In my httpd.conf file, I
> have the following in the main section:
> User nobody
> Group nobody
> Port 80
> Listen 80
> SSLDisable
> Listen 443
> ServerRoot /usr/local/apache
> DocumentRoot /usr/local/apache/share/htdocs
> TransferLog  /usr/local/apache/var/log/access.log
> ErrorLog /usr/local/apache/var/log/error.log
> PidFile /usr/local/apache/var/run/httpsd.pid
> 
> ...and the following in one of the non-ssl virtual server sections :
> <VirtualHost www.onedog.com:80>
> SSLDisable
> Port 80
> ServerAdmin webmaster@onedog.com
> DocumentRoot /websites/docs/dogone/public_html
> ServerName www.onedog.com
> ErrorLog logs/www.onedog.com-error_log
> TransferLog logs/www.onedog.com-access_log
> </VirtualHost>
> 
> and here is the ssl one
> <VirtualHost secure.thegolfer.com:443>
> Port 443
> SSLEnable
> SSLVerifyClient 0
> SSLVerifyDepth 10
> SSLCertificateKeyFile /usr/local/ssl/certs/secure.thegolfer.com.key
> SSLCertificateFile /usr/local/ssl/certs/secure.thegolfer.com.cert
> ServerAdmin webmaster@thegolfer.com
> DocumentRoot /websites/docs/thegolfer/secure
> ServerName secure.thegolfer.com
> ErrorLog logs/www.thegolfer.com-error_log
> TransferLog logs/www.thegolfer.com-access_log
> </VirtualHost>
> 
> The problem is that if you go to https://www.onedog.com
> <https://www.onedog.com> , you get the certificate for the secure site.  I
> do not want this to happen, obviously.  How do I lock this thing down to
> where you can ssl to the correct site only and get an error page for the
> non-ssl servers?  The secure site works great however.   Am I missing
> something?

You must use a dedicated IP address for each secure server. It is not
possible to do name based V/H on SSL sites. 

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House                  
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

References:
- SSL and Virtual Hosts
  - From: Charles Keating <chuckk@sterlink.net>

Prev by Date: Re: [apache-ssl] SSL and Virtual Hosts
Next by Date: Apache SSL mod_perl build problem
Previous by thread: Re: [apache-ssl] SSL and Virtual Hosts
Next by thread: SSL and Virtual Hosts
Index(es):
- Date
- Thread