[CentOS] ssl and NameVirtualHost
Ross Cavanagh
ross-cavanagh at bm-sms.co.jp
Thu Apr 10 01:34:43 UTC 2008
Rick Barnes wrote:
> Tony Schreiner wrote:
>> I recently acquired a Verisign SSL certificate for my web server on
>> CentOS 4, with apache 2.0.59 from centosplus.
>>
>> It however doesn't seem to be working the way I've set it up,
>> browsers connect but are told the certificate is not recognized.
>> Showing more info, the information looks correct.
>>
>> I think it has probably to do with the fact that I'm using the
>> certificate on a virtual named host, and I wonder if anybody has
>> experience doing this? A few places in the apache documentation
>> suggest that SSL cannot be used with name based virtual hosting, but
>> I don't know if that means, not at all, or not with multiple named hosts.
>>
>> I have multiple NameVirtualHost on port 80, but will only plan to use
>> one of the names on port 443.
>>
>> The start of the section in my ssl.conf goes like this:
>>
>>
>> <VirtualHost _default_:443>
>> ServerName nameprotected.domain.edu:443
>> ServerAdmin me at domain.edu
>> DocumentRoot /var/www/docs/nameprotected
>>
>>
>> nameprotected.domain.edu is a DNS CNAME to the actual host.
>>
>> How do folks do SSL and virtual hosts? multiple IP addresses is not
>> an option for me.
>>
>
> This is how I do it:
> NameVirtualHost IP.AD.DR.ESS:443
>
> <VirtualHost IP.AD.DR.ESS:443>
> SSLEngine On
> SSLCertificateFile path/to/domain.crt
> SSLCertificateKeyFile path/to/domain.key
> ServerName domain.tld
> ServerAdmin webmaster at domain.tld
> DocumentRoot /path/to/webroot
> ErrorLog /path/to/logs/errors.log
> CustomLog /path/to/logs/access.log combined
> </VirtualHost>
>
> Rick
SSLCertificateChainFile /path/to/chain/chain.crt
I don't know much about the ssl stuff, I just know if I'm missing the
chain file I have issues with the key not being correctly recognised.
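
Added example (not part of the original thread): a self-contained shell script that reproduces the missing-chain symptom offline with a constructed three-level PKI. It assumes the `openssl` CLI is installed; all file names and the host name nameprotected.example.test are made up, and `-untrusted chain.crt` stands in for the intermediate certificate Apache sends when SSLCertificateChainFile is set.

```shell
#!/bin/sh
# Constructed demo PKI (all names are made up): root CA -> intermediate CA -> server cert.

# new_csr DIR NAME CN: generate NAME.key and NAME.csr in DIR
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_demo_pki() {
    d=$1
    # Extensions that mark a certificate as a CA
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    # Root: stands in for the CA root that browsers already trust
    new_csr "$d" root "Demo Root CA"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    # Intermediate: the certificate that belongs in SSLCertificateChainFile
    new_csr "$d" inter "Demo Intermediate CA"
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/chain.crt" 2>/dev/null
    # Server certificate: the certificate that belongs in SSLCertificateFile
    new_csr "$d" server "nameprotected.example.test"
    openssl x509 -req -in "$d/server.csr" -CA "$d/chain.crt" -CAkey "$d/inter.key" \
        -CAcreateserial -days 2 -out "$d/server.crt" 2>/dev/null
}

# chain_verifies ROOT SERVER [CHAIN]: succeed if SERVER chains up to ROOT, given the
# optional CHAIN file as the extra certificates the server would send.
chain_verifies() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    build_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    if chain_verifies "$tmp/root.crt" "$tmp/server.crt"; then a=ok; else a=FAIL; fi
    if chain_verifies "$tmp/root.crt" "$tmp/server.crt" "$tmp/chain.crt"; then b=ok; else b=FAIL; fi
    rm -rf "$tmp"
    echo "without chain file: $a / with chain file: $b"
}
demo
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates actually sent, which shows whether the intermediate is being served.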