Problem setting up multiple SSL domains.


Npickle

Programmer
Oct 7, 2004
3
US
Greetings,
So what I am trying to do is not new; I have come across a couple of posts on this site and some notes at apache.org that go over this, but still I am not doing something right. I have one Apache 1.3.29 server and I want to run two different sites off of it, both having their own domain name and IP. They are and right now when I try those URLs the site comes up but in both cases it is pointing to the DocumentRoot.

So I tried to grab everything that looked relative to the problem out of the conf file:
Code:
<IfDefine SSL>
	AddModule mod_ssl.c
</IfDefine>

### Section 2: 'Main' server configuration
Listen 80
<IfDefine SSL>
	Listen 443
</IfDefine>
ServerName www.mysite.com
DocumentRoot /usr/local/mysite/PHPsite/apache/htdocs
UseCanonicalName On

### Section 3: Virtual Hosts
# .com defined
NameVirtualHost ###.###.###.194
<VirtualHost ###.###.###.194>
	ServerName www.mysite.com
	ServerAlias mysite.com *.mysite.com
	DocumentRoot /usr/local/mysite/PHPsite/apache/htdocs
	Port 80
</VirtualHost>

NameVirtualHost ###.###.###.208
<VirtualHost ###.###.###.208>
	ServerName www.mysite.org
	ServerAlias mysite.org *.mysite.org
	DocumentRoot /usr/local/mysite/PHPsite/apache/htdocs/dotorg
	Port 80
</VirtualHost>

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>

<IfModule mod_ssl.c>
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/mysite/PHPsite/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/mysite/PHPsite/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /usr/local/mysite/PHPsite/apache/logs/ssl_engine_log
SSLLogLevel error
</IfModule>

<IfDefine SSL>
<VirtualHost ###.###.###.194>
#  General setup for the virtual host
DocumentRoot /usr/local/mysite/PHPsite/apache/htdocs
ServerName www.mysite.com
ServerAdmin webmaster@mysite.com
ErrorLog /usr/local/mysite/PHPsite/apache/logs/error_log
TransferLog /usr/local/mysite/PHPsite/apache/logs/access_log
Port 443
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/mysite/PHPsite/apache/conf/ssl.crt/www_mysite_com.crt
SSLCertificateKeyFile /usr/local/mysite/PHPsite/apache/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/mysite/PHPsite/apache/conf/ssl.crt/ComodoSecurityServicesCA.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/mysite/PHPsite/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/mysite/PHPsite/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost> 

#.org
<VirtualHost ###.###.###.208>
DocumentRoot /usr/local/mysite/PHPsite/apache/htdocs/dotorg
ServerName www.mysite.org
ServerAlias mysite.org *.mysite.org
ServerAdmin webmaster@mysite.com
ErrorLog  /usr/local/mysite/PHPsite/apache/logs/org-error_log
CustomLog /usr/local/mysite/PHPsite/apache/logs/org-access_log combined
Port 443
SSLCertificateFile /usr/local/mysite/PHPsite/apache/conf/www.mysite.org/www_mysite_org.crt
SSLCertificateKeyFile /usr/local/mysite/PHPsite/apache/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/mysite/PHPsite/apache/conf/www.mysite.org/ComodoSecurityServicesCA.crt
</VirtualHost>
</IfDefine>

Another question is this: I do all of my development on a local box that mirrors the production server. Of course this server has all different IPs than the ones assigned to the production server. How do I test to see if the SSL virtual hosts are working on the dev machine before I post it to the production server?

Thanks
Jim
 
Hi mate,

On your SSL domains, try using the IP rather than the domain for each ServerName.

ServerName 123.123.123.123

As for the dev machine, you would probably be best to use a search replace function to change the IPs over.

Hope this helps

Wullie

 
I think you may need to specify port on your virtual host tag.

Here's how I make mine work:
Code:
<VirtualHost www.domain.com:443>
    ServerAdmin webmaster@domain.com
    SSLEngine on
    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.domain.com.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
</VirtualHost>

<VirtualHost www.domain.com:80>
    ServerAdmin webmaster@domain.com
    ServerAlias www.domain.com domain.com
</VirtualHost>

I'm not saying it's right, I'm just saying it works. :)
 
Ok so I tried both of those things and really did not get anywhere.
However I do have something that might shed some light on all of this to someone.

So I declare all of the SSL stuff between <IfDefine SSL> tags. If I do this:
Code:
<VirtualHost _default_:443>
all the settings for .com
</VirtualHost>

I can go to or However both end up taking the setting defined in _default_ so both point to the DocumentRoot for Now if I start the same setting with this instead:

Code:
NameVirtualHost 216.183.121.194:443
<VirtualHost 216.183.121.194:443>

http:// calls work to both sites, but if you try https:// you get a “This page can not be displayed” error, basically telling me that SSL is not running.

Any ideas? Thanks.
Jim
 
If I set ServerName to 216.###.###.### then I can't get the host to resolve at all. Seems like I am taking steps backwards here.
Jim
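
A static pre-deployment check for the patterns visible in the configuration posted in this thread, as an added example that is not part of any post: it flags HTTPS `<VirtualHost>` blocks whose address carries no `:443`, that lack `SSLEngine on`, or whose address is reused by another block. The sample config is a trimmed reconstruction with documentation addresses (192.0.2.x) in place of the masked IPs, and `parse_vhosts` and `lint` are hypothetical helper names.

```python
import re

# Constructed sample: the thread's vhost layout, trimmed, with documentation
# addresses (192.0.2.x) standing in for the masked production IPs.
SAMPLE = """\
<VirtualHost 192.0.2.194>
ServerName www.mysite.com
Port 80
</VirtualHost>
<VirtualHost 192.0.2.194>
ServerName www.mysite.com
Port 443
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.208>
ServerName www.mysite.org
Port 443
</VirtualHost>
"""

def parse_vhosts(text):
    """Return [(address, {lowercased directive: argument})] per <VirtualHost> block."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop comment lines first
    vhosts = []
    for addr, body in re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", text, re.I | re.S):
        directives = {}
        for line in map(str.strip, body.splitlines()):
            if line and line[0] != "<":  # skip nested <Files>/<Directory> tags
                key, *rest = line.split(None, 1)
                directives[key.lower()] = rest[0] if rest else ""
        vhosts.append((addr.strip(), directives))
    return vhosts

def lint(text):
    """Return sorted (address, ServerName, finding) tuples for HTTPS vhosts."""
    vhosts = parse_vhosts(text)
    addrs = [addr for addr, _ in vhosts]
    findings = []
    for addr, d in vhosts:
        if d.get("port") != "443" and not addr.endswith(":443"):
            continue  # plain-HTTP vhost, nothing to check
        who = (addr, d.get("servername", "?"))
        if not addr.endswith(":443"):
            findings.append(who + ("address has no :443",))
        if d.get("sslengine", "").lower() != "on":
            findings.append(who + ("SSLEngine on is missing",))
        if addrs.count(addr) > 1:
            findings.append(who + ("address also used by another block",))
    return sorted(findings)
```

Because the check reads only the file, it gives the same result on a development copy whose IPs differ from production.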
 