[CentOS] ssl and NameVirtualHost

Thu Apr 10 01:34:43 UTC 2008
Ross Cavanagh <ross-cavanagh at bm-sms.co.jp>

Rick Barnes wrote:
> Tony Schreiner wrote:
>> I recently aquired a Verisign SSL certificate for my web server on 
>> Centos 4, with apache 2.0.59 from centosplus.
>> It however doesn't seem to be working the way I've set it up, 
>> browsers connect but are told the certiticate is not recognized. 
>> Showing more info, the information looks  correct.
>> I think it has probably to do with the fact that I'm using the 
>> certificate on a virtual named host, and I wonder If any body has 
>> experience doing this? A few places in the apache documentation 
>> suggest that SSL cannot be used with name based virtual hosting, but 
>> I don't if that means, not at all, or not with multiple named hosts.
>> I have multiple NameVirtualHost on port 80, but will only plan to use 
>> one of the names on port 443.
>> The start of the section in my ssl.conf goes like this:
>> <VirtualHost _default_:443>
>>     ServerName nameprotected.domain.edu:443
>>     ServerAdmin me at domain.edu
>>     DocumentRoot /var/www/docs/nameprotected
>> nameprotected.domain.edu  is a DNS CNAME to the actual host.
>> How do folks do SSL and virtual hosts? multiple IP addresses is not 
>> an option for me.
> This is how I do it:
> NameVirtualHost IP.AD.DR.ESS:443
> <VirtualHost IP.AD.DR.ESS:443>
>     SSLEngine On
>     SSLCertificateFile path/to/domain.crt
>     SSLCertificateKeyFile path/to/domain.key
>     ServerName domain.tld
>     ServerAdmin webmaster at domain.tld
>     DocumentRoot /path/to/webroot
>     ErrorLog /path/to/logs/errors.log
>     CustomLog /path/to/logs/access.log combined
> </VirtualHost>
> Rick
SSLCertificateChainFile /path/to/chain/chain.crt

I don't know much about the ssl stuff, I just know if I'm missing the 
chain file I have issues with the key not being correctly recognised.