> Can someone give me an example config for a virtual host with SSL support
> using mod_ssl in this format:
>
> ServerAdmin admin@domain.com
> DocumentRoot /htdocs/somehost/
> ServerName somehost.domain.com
> ErrorLog logs/somehost-error_log
> CustomLog logs/somehost-access_log common
>
SSL is IP-based; that is, the SSL key exchange happens before the HTTP headers
are transmitted. Thus, your SSL host needs to be on a single IP address unique
to itself. (I suppose you could run other non-SSL sites on the same IP using
name-based VirtualHosting though.)

The SSL stuff will refuse to run/load unless you have specified the
keys/certificates, etc. for that SSL site. This caused me a fair bit of grief
until I figured it out.

> Also, if anyone knows of a place to read some documentation on the subject
> I would be interested in that as well.

The documentation was not that great for the SSL support. Here is a
configuration from a system of mine with SSL. Things have been changed to
protect the guilty:

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shm:/var/cache/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog logs/ssl_engine_log
SSLLogLevel warn
ServerAdmin asdf@ockers.net
DocumentRoot "/home/httpd/html/asdf"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/asdf.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/asdf.key
ServerName asdf.ockers.net
DocumentRoot /home/httpd/html
ServerName default.host.name
ServerAdmin ockers@ockers.net
ErrorLog /var/log/httpd/error_log-ssl
TransferLog /var/log/httpd/access_log-ssl
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
--
Jim Ockers (ockers@ockers.net) Ask me about Linux!
Contact info: please see http://www.ockers.net/
Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
at http://www.cauce.org/ .
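
The two constraints described in the reply above (each SSL host on its own address, and a certificate and key specified for every SSL host) can be checked before a restart. The following is an added example, not part of the original message or of mod_ssl: the sample config, its 192.0.2.x addresses, the example.net host names and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample; addresses are RFC 5737 documentation placeholders.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
    ServerName asdf.example.net
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/asdf.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/asdf.key
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.net
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/shop.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")

def parse_vhosts(conf):
    """Yield (address list, {lowercased directive: value}) per <VirtualHost>."""
    for addrs, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        yield addrs.split(), directives

def lint_ssl_vhosts(conf):
    """Return findings for SSL vhosts missing cert/key or sharing an address."""
    findings, by_addr = [], defaultdict(list)
    for addrs, d in parse_vhosts(conf):
        if d.get("sslengine", "").lower() != "on":
            continue  # non-SSL vhosts are not subject to either constraint
        name = d.get("servername", "<unnamed>")
        for key in REQUIRED:
            if key.lower() not in d:
                findings.append(f"{name}: SSLEngine on but no {key}")
        for addr in addrs:
            by_addr[addr].append(name)
    for addr, names in by_addr.items():
        if len(names) > 1:
            findings.append(f"{addr}: shared by SSL hosts {', '.join(names)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_ssl_vhosts(SAMPLE_CONF)))
```

The parser only looks inside `<VirtualHost>` blocks, so directives inherited from the server-wide context are not taken into account.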