[CLUE-Tech] mod_ssl and apache

Jeremiah Stanley miah at miah.org
Wed Nov 22 04:14:28 MST 2000


Much appreciated! Now if the mod_ssl site would have told me that... ;)

JStanley

> > Can someone give me an example config for a virtual host with SSL support
> > using mod_ssl in this format:
> 
> > <VirtualHost somehost.domain.com>
> >     ServerAdmin admin@domain.com
> >     DocumentRoot /htdocs/somehost/
> >     ServerName somehost.domain.com
> >     ErrorLog logs/somehost-error_log
> >     CustomLog logs/somehost-access_log common
> > </VirtualHost>
> 
> SSL is IP-based; that is, the SSL key exchange happens before the HTTP headers
> are transmitted.  Thus, your SSL host needs to be on a single IP address unique
> to itself.  (I suppose you could run other non-SSL sites on the same IP using
> name-based VirtualHosting though.)
> 
> The SSL stuff will refuse to run/load unless you have specified the keys/
> certificates, etc. for that SSL site.  This caused me a fair bit of grief
> until I figured it out.
> 
> > Also, if anyone knows of a place to read some documentation on the subject
> > I would be interested in that as well.
> 
> The documentation was not that great for the SSL support.  Here is a
> configuration from a system of mine with SSL.  Things have been changed to
> protect the guilty:
> 
> <IfDefine SSL>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> </IfDefine>
> 
> <IfModule mod_ssl.c>
> SSLPassPhraseDialog  builtin
> SSLSessionCache         shm:/var/cache/ssl_scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex  file:/var/run/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLLog      logs/ssl_engine_log
> SSLLogLevel warn
> </IfModule>
> 
> <IfDefine SSL>
> 
> <VirtualHost 1.62.83.124:443>
>         ServerAdmin asdf@ockers.net
>         DocumentRoot "/home/httpd/html/asdf"
>         SSLEngine on
>         SSLCertificateFile    /etc/httpd/conf/ssl.crt/asdf.crt
>         SSLCertificateKeyFile /etc/httpd/conf/ssl.key/asdf.key
>         ServerName asdf.ockers.net
> </VirtualHost>
> 
> <VirtualHost _default_:443>
> DocumentRoot /home/httpd/html
> ServerName default.host.name
> ServerAdmin ockers@ockers.net
> ErrorLog /var/log/httpd/error_log-ssl
> TransferLog /var/log/httpd/access_log-ssl
> SSLEngine on
> SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> </VirtualHost>
> 
> </IfDefine>
> 
> --
> Jim Ockers (ockers at ockers.net)                     Ask me about Linux!
> Contact info: please see http://www.ockers.net/
> 
> Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
> at http://www.cauce.org/ .
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
> 

-- 
Use GnuPG! -- http://www.gnupg.org
Get my key at http://www.miah.org/miah.asc
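
Added example (not part of the original thread, and not mod_ssl's own tooling): a small Python check for the two constraints the quoted reply describes, namely that every SSL-enabled VirtualHost names its certificate and key files and has an address:port to itself. The sample config, host names and the 192.0.2.10 address are constructed placeholders, and the parser assumes the simple one-directive-per-line layout shown in the thread.

```python
import re
# Constructed sample modelled on the quoted config; hosts, addresses and paths are placeholders.
SAMPLE = """\
<VirtualHost 192.0.2.10:443>
    ServerName a.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/a.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/a.key
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName b.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/b.crt
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName plain.example.org
</VirtualHost>
"""
REQUIRED = ("sslcertificatefile", "sslcertificatekeyfile")
def parse_vhosts(text):
    """Return [(address, {lowercased directive: argument})], one per <VirtualHost> block."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), {})
        elif line.lower().startswith("</virtualhost") and current:
            vhosts.append(current)
            current = None
        elif current and line and line[0] not in "#<":
            parts = line.split(None, 1)
            current[1][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return vhosts

def lint_ssl_vhosts(text):
    """Flag SSL vhosts that lack a cert/key directive or share an address:port."""
    findings, seen = [], {}
    for addr, directives in parse_vhosts(text):
        if directives.get("sslengine", "").lower() != "on":
            continue  # plain HTTP vhosts may share the IP via name-based hosting
        name = directives.get("servername", "?")
        findings += [(name, "missing " + r) for r in REQUIRED if r not in directives]
        if addr in seen:
            findings.append((name, "shares %s with %s" % (addr, seen[addr])))
        seen.setdefault(addr, name)
    return findings

if __name__ == "__main__":
    print(lint_ssl_vhosts(SAMPLE))
```
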



