Jump to content

Recommended Posts

i set up apache2 for a site and configured ssl with the <VirtualHost *:443> directive, which worked.

 

after setting up name-based virtualhosts ssl is not working anylonger, all requests to https give me a 403 status code for all registered sites?

 

why is that?

 

<VirtualHost *:443>

    ServerName site.with.https

.....

</VirtualHost>

 

should still give me permission to use https for site.with.https. why is access forbidden (403)? to i adjust ssl-virtual host when having switched on NameVirtualHost?

 

thanks

You cant easily use name based virtual hosts for ssl. This is due to the SSL cert which needs to be negoiated before the actual virtual host is accessed.

Therefore, only 1 ip address and host can be used for ssl.

 

I did however manage to get it working on my debian box, albeit giving errors in error.log.

 

Here is one of my vhosts:

 

ServerName server.com

 

NameVirtualHost *:80

NameVirtualHost *:443

 

<VirtualHost *:80>

//Typical Config

</VirtualHost>

 

<VirtualHost *:443>

//Typical COnfig

SSLEngine On

SSLCertificateFile /etc/apache2/ssl/apache.pem

</VirtualHost>

 

Hope it helps. Google will also produce more info on ssl and vhosts.

 

-steve

thanks.

 

your post told me that i configured things correctly in the first place. so i had a look to something else, and blime it was another little problem: i forgot to set directory access rights inside 443 ssl-vhost (inside <Directory>) wrong, so the ominous 403 error occurred.

 

now things work, but as you i get a warning too ([warn] NameVirtualHost *:80 has no VirtualHosts)

 

ssl not working could be quite tricky in future for us, for it could be possible that more apps (different DocumentRoot parts through virtual host) need to serve different ssl-connections and certificates. and as far as i got it right this won't work with ssl (lookup to url is done after ssl-certificate is transmitted).

 

maybe TLS could be a solution for that?

 

 

Not sure about TLS.

 

SSL with vhosts should continue to work for the next while. A wildcard ssl cert should prevent the client from seeing any errors.

 

If I had to use 1 ip address for 1 vhost, then I would probably set it up like:

 

https://secure.provider.com

and serve things out from that.

 

-steve

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.