[CLUE-Tech] mod_ssl and apache
Jeremiah Stanley
miah at miah.org
Wed Nov 22 04:14:28 MST 2000
Much appreciated! Now if the mod_ssl site would have told me that... ;)
JStanley
> > Can someone give me an example config for a virtual host with SSL support
> > using mod_ssl in this format:
>
> > <VirtualHost somehost.domain.com>
> > ServerAdmin admin at domain.com
> > DocumentRoot /htdocs/somehost/
> > ServerName somehost.domain.com
> > ErrorLog logs/somehost-error_log
> > CustomLog logs/somehost-access_log common
> > </VirtualHost>
>
> SSL is IP-based; that is, the SSL key exchange happens before the HTTP headers
> are transmitted. Thus, your SSL host needs to be on a single IP address unique
> to itself. (I suppose you could run other non-SSL sites on the same IP using
> name-based VirtualHosting though.)
>
> The SSL stuff will refuse to run/load unless you have specified the
> keys/certificates, etc. for that SSL site. This caused me a fair bit of grief
> until I figured it out.
>
> > Also, if anyone knows of a place to read some documentation on the subject
> > I would be interested in that as well.
>
> The documentation was not that great for the SSL support. Here is a
> configuration from a system of mine with SSL. Things have been changed to
> protect the guilty:
>
> <IfDefine SSL>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
> </IfDefine>
>
> <IfModule mod_ssl.c>
> SSLPassPhraseDialog builtin
> SSLSessionCache shm:/var/cache/ssl_scache(512000)
> SSLSessionCacheTimeout 300
> SSLMutex file:/var/run/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLLog logs/ssl_engine_log
> SSLLogLevel warn
> </IfModule>
>
> <IfDefine SSL>
>
> <VirtualHost 1.62.83.124:443>
> ServerAdmin asdf at ockers.net
> DocumentRoot "/home/httpd/html/asdf"
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/ssl.crt/asdf.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/asdf.key
> ServerName asdf.ockers.net
> </VirtualHost>
>
> <VirtualHost _default_:443>
> DocumentRoot /home/httpd/html
> ServerName default.host.name
> ServerAdmin ockers at ockers.net
> ErrorLog /var/log/httpd/error_log-ssl
> TransferLog /var/log/httpd/access_log-ssl
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> </VirtualHost>
>
> </IfDefine>
>
> --
> Jim Ockers (ockers at ockers.net) Ask me about Linux!
> Contact info: please see http://www.ockers.net/
>
> Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
> at http://www.cauce.org/ .
--
Use GnuPG! -- http://www.gnupg.org
Get my key at http://www.miah.org/miah.asc
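
The two pitfalls named in the quoted reply (an SSL host needs an address of its own, and mod_ssl will not start without the certificate directives) can be checked before a restart. The following is an added example, not part of either message: `parse_vhosts`, `lint_ssl` and the sample config are hypothetical, constructed for illustration, and the one-host-per-address rule is applied as the reply states it (servers and clients that support SNI lift that restriction).

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): two SSL hosts on one address,
# the second without a certificate; the port-80 host on the same IP is fine.
SAMPLE = """\
<VirtualHost 192.0.2.10:443>
ServerName a.example.test
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/a.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/a.key
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName b.example.test
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:80>
ServerName plain.example.test
</VirtualHost>
"""

def parse_vhosts(text):
    """Return [(address, {directive_lowercase: value})] per <VirtualHost> block."""
    vhosts, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = (m.group(1).strip(), {})
        elif line.lower() == "</virtualhost>" and current:
            vhosts.append(current)
            current = None
        elif current and line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            current[1][name.lower()] = rest[0] if rest else ""
    return vhosts

def lint_ssl(text):
    """Flag SSL vhosts without a certificate and SSL vhosts sharing an address."""
    findings, by_addr = [], defaultdict(list)
    for addr, d in parse_vhosts(text):
        if d.get("sslengine", "").lower() != "on":
            continue  # non-SSL hosts may share the IP via name-based vhosts
        name = d.get("servername", "?")
        by_addr[addr].append(name)
        if "sslcertificatefile" not in d:
            findings.append(f"{name}: SSLEngine on but no SSLCertificateFile")
    for addr, names in by_addr.items():
        if len(names) > 1:
            findings.append(f"{addr}: shared by SSL hosts {', '.join(names)}")
    return findings
```

Calling `lint_ssl(open("httpd.conf").read())` returns a list of findings; an empty list means neither condition was found. Only `SSLCertificateFile` is required by the check because the private key may be stored in the same file.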