manolo_asdf Posted December 21, 2007

I set up Apache2 for a site and configured SSL with the <VirtualHost *:443> directive, which worked. After setting up name-based virtual hosts, SSL is not working any longer; all requests to https give me a 403 status code for all registered sites. Why is that?

    <VirtualHost *:443>
        ServerName site.with.https
        .....
    </VirtualHost>

should still give me permission to use https for site.with.https. Why is access forbidden (403)? Do I adjust the SSL virtual host when having switched on NameVirtualHost?

Thanks

steviewdr Posted December 23, 2007

You can't easily use name-based virtual hosts for SSL. This is due to the SSL cert, which needs to be negotiated before the actual virtual host is accessed. Therefore, only 1 IP address and host can be used for SSL.

I did however manage to get it working on my Debian box, albeit giving errors in error.log. Here is one of my vhosts:

    ServerName server.com
    NameVirtualHost *:80
    NameVirtualHost *:443

    <VirtualHost *:80>
        # Typical config
    </VirtualHost>

    <VirtualHost *:443>
        # Typical config
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem
    </VirtualHost>

Hope it helps. Google will also produce more info on SSL and vhosts.

-steve

manolo_asdf Posted December 23, 2007

Thanks. Your post told me that I configured things correctly in the first place. So I had a look at something else, and blimey, it was another little problem: I forgot to set directory access rights correctly inside the 443 SSL vhost (inside <Directory>), so the ominous 403 error occurred.

Now things work, but like you I get a warning too ([warn] NameVirtualHost *:80 has no VirtualHosts).

SSL not working could be quite tricky in future for us, for it could be possible that more apps (different DocumentRoot parts through virtual host) need to serve different SSL connections and certificates. And as far as I got it right, this won't work with SSL (lookup to URL is done after SSL certificate is transmitted). Maybe TLS could be a solution for that?

steviewdr Posted December 24, 2007

Not sure about TLS. SSL with vhosts should continue to work for the next while. A wildcard SSL cert should prevent the client from seeing any errors.

If I had to use 1 IP address for 1 vhost, then I would probably set it up like: https://secure.provider.com and serve things out from that.

-steve
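
The two points this thread arrives at, the per-vhost <Directory> access rules behind the 403 and the single certificate served on *:443, shown together as an added example that is not either poster's actual configuration. It assumes Apache 2.2-era access directives (Order/Allow) and a server-wide default that denies access; the DocumentRoot path is a placeholder, while the hostname and certificate path are the ones quoted in the posts.

```apache
# Added example (not from the thread). Apache 2.2-era syntax.
# /var/www/site is a placeholder path (assumption).
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerName site.with.https
    DocumentRoot /var/www/site
    <Directory /var/www/site>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

# The certificate is sent during the SSL handshake, before the Host
# header of the request can be read, so the certificate of the first
# *:443 vhost is what clients receive for every name on this address.
<VirtualHost *:443>
    ServerName site.with.https
    DocumentRoot /var/www/site
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem

    # <Directory> rules inside the *:80 vhost do not carry over to this
    # one. Without a grant here, a server-wide deny default answers
    # every https request with 403.
    # Grant access to this DocumentRoot only, rather than loosening a
    # server-wide <Directory /> rule.
    <Directory /var/www/site>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

On Debian, `apache2ctl configtest` checks the syntax before a reload, and `apache2ctl -S` lists which vhost is the default for *:443.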