SSL not available, for no apparent reason

Gregory Nowak greg at romuald.net.eu.org
Fri Aug 20 20:41:07 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, personally, I think you're asking for trouble by using an asterisk
in your virtual host declarations. You've also got 2 different virtual
host declarations, both using an asterisk, but both having different
server names. Also, while the virtual host with the ip address is set
to listen on port 443, the asterisk hosts are not explicitly defined
to listen on port 80, and they should be.

So, let's take your 2 servers, and try to put things to rights. First,
and foremost, you cannot make up your host names, they need to have
valid dns records. Personally, since I only serve web pages for one
domain now, I prefer to do things by IP address, which simplifies
matters I think. So, in your httpd.conf, you should have something
like this.

NameVirtualHost atlas.placeholder.com
NameVirtualHost webmail.placeholder.com
NameVirtualHost 12.34.56.78

<VirtualHost atlas.placeholder.com:80>
bla, bla, bla
</VirtualHost>

<VirtualHost webmail.placeholder.com:80>
bla, bla, bla
</VirtualHost>

<VirtualHost 12.34.56.78:443>
bla, bla, bla
</VirtualHost>

The way the above is written, atlas.placeholder.com, and
webmail.placeholder.com would only be able to talk plain http on port
80. Also, the network interface with the address 12.34.56.78 would
only be able to talk https on port 443, but not http on port 80 (I
stand to be corrected on that). So,
if you for example want webmail.placeholder.com to talk both http on
port 80, and https on port 443, you need to define 2 separate virtual
hosts for webmail.placeholder.com on port 80, and another one on port
443 (I.E. <VirtualHost webmail.placeholder.com:80>
</VirtualHost>
<VirtualHost webmail.placeholder.com:443>
</VirtualHost>).

Once again, remember that atlas.placeholder.com, and
webmail.placeholder.com need to have valid A or CNAME records in
dns. Hth.

Greg


On Fri, Aug 20, 2004 at 06:12:37PM -0500, Luke Davis wrote:
> I sent this to modssl-users, but they do not appear to be actively 
> supporting that list any longer.
> 
> 
> Good Day:
> 
> I am running Debian stable, with the included packages.
> Apache version 1.3.26; mod-ssl version 2.8.9-2.4.
> 
> I am using a self-signed certificate for now, until testing proves 
> successful.
> 
> If I use openssl, with the s_client and s_server options, I can make a 
> successful connection through the local host.
> 
> However, apache, while it serves on port 80, does not appear to be serving 
> SSL documents.
> 
> Here are the contents of a couple files:
> 

- -- 
Free domains: http://www.eu.org/ or mail dns-manager at EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBJpoj7s9z/XlyUyARAoyJAJ4/bjudc63yQVdOdAod9hvvObRqigCgmSgn
l3wLsLfa1UWNi1OVrmGrg8M=
=WGQs
-----END PGP SIGNATURE-----




More information about the Speakup mailing list