SSL virtual Hosts


SSL virtual Hosts

Carlos Cruz

I hope that, for my first question, my question isn’t too stupid, but I haven’t been able to figure out my problem. My problem is I have about 10 virtual domains under the conf.d (CentOS 6) directory with Apache HTTPD 2.2. SSL (only) virtual hosts don’t work if I use individual configuration files to define the virtual hosts. But all works as I understand it should work if I put all my SSL virtual hosts in 1 ssl.conf file in the same conf.d directory. Can anyone tell me, or point me to the info, why multiple configuration files are not working for my SSL virtual hosts?

1 domain uses a wildcard certificate.

The other domains use basic single domain certificates.

Thx!

Carlos


Re: SSL virtual Hosts

Yehuda Katz
Are any errors shown in the httpd logs?

Is httpd actually reading the files you create in the conf.d directory? I sometimes check that by putting gibberish in the config file and then running `httpd -t` to test the configuration.

What is the actual Include directive in httpd.conf that includes the conf.d files? Does it require the filenames end with `.conf`?
Does httpd have permission to read the new config files? Do you have SELinux on, and is it logging anything?

You can always run `httpd -S` to see what virtual hosts httpd found and where they are in the config.

- Y



RE: SSL virtual Hosts

Carlos Cruz

Hi Yehuda,

I know for sure it’s reading the non-SSL configuration files, because all they do is forward to the SSL URL and that works, and it’s reading the ssl.conf file, where I just append the virtual host definition at the end of the file.

I’m going to try your suggestions and see what I get… thanks for the suggestions!

Carlos



Re: SSL virtual Hosts

Ian Pilcher
In reply to this post by Carlos Cruz
On 06/09/2017 01:30 PM, Carlos Cruz wrote:

> I hope that, for my first question, my question isn’t too stupid, but I
> haven’t been able to figure out my problem. My problem is I have about 10
> virtual domains under the conf.d (CentOS 6) directory with Apache HTTPD
> 2.2. SSL (only) virtual hosts don’t work if I use individual
> configuration files to define the virtual hosts. But all works as I
> understand it should work if I put all my SSL virtual hosts in 1
> ssl.conf file in the same conf.d directory. Can anyone tell me, or point
> me to the info, why multiple configuration files are not working for my
> SSL virtual hosts?
>
> 1 domain uses a wildcard certificate.
>
> The other domains use basic single domain certificates.

I suspect that all domains are actually using the wildcard certificate
when you use a single file.  That's the only way that I can see this
working.

The SSL session is established *before* the client sends any HTTP
request to the server, so the server has to choose which certificate to
present to the client before it knows the hostname that the client is
using.  Thus, *named* virtual hosts don't work over SSL.  (There's an
extension called SNI that addresses this, but you didn't mention it, so
I assume that you're not using it.)

--
========================================================================
Ian Pilcher                                         [hidden email]
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
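
An added example, not part of the thread and not httpd's own tooling: a small parser for the `httpd -S` listing suggested earlier in the thread. For each address:port it reports the default virtual host (the one whose certificate is selected when the server does not yet know the requested hostname, as described in the message above), the file and line that define it, and how many named hosts share that listener. The sample listing and every host name in it are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `httpd -S` output per socket.
# Columns: address:port, default vhost, file:line, number of vhosts.
vhost_summary() {
    awk '
        function add(a) { if (!(a in seen)) { seen[a] = 1; order[++n] = a } }
        # "*:443  is a NameVirtualHost": a block of name-based vhosts follows
        $2 == "is" && $NF == "NameVirtualHost" { addr = $1; add(addr); next }
        # "default server NAME (file:line)": first vhost defined for the socket
        $1 == "default" && $2 == "server" { def[addr] = $3; loc[addr] = $4; next }
        # "port 443 namevhost NAME (file:line)": one line per name-based vhost
        $1 == "port" && $3 == "namevhost" { count[addr]++; next }
        # "*:8443  NAME (file:line)": a socket that has exactly one vhost
        NF == 3 && $1 ~ /:[0-9]+$/ && $3 ~ /^\(/ {
            add($1); def[$1] = $2; loc[$1] = $3; count[$1] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                a = order[i]; l = loc[a]; gsub(/[()]/, "", l)
                print a, def[a], l, count[a]
            }
        }
    '
}

# Sockets on the given port that several names share. On a TLS port the server
# picks a certificate before it sees the Host header, so these rely on SNI.
shared_sockets() {
    vhost_summary | awk -v port="$1" '$4 > 1 && $1 ~ (":" port "$") { print $1 }'
}

# Constructed sample in the layout httpd 2.2 prints; every name is made up.
sample_output() {
    cat <<'EOF'
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server app.example.com (/etc/httpd/conf.d/ssl.conf:74)
         port 443 namevhost app.example.com (/etc/httpd/conf.d/ssl.conf:74)
         port 443 namevhost shop.example.org (/etc/httpd/conf.d/ssl.conf:112)
*:8443                 status.example.com (/etc/httpd/conf.d/status.conf:1)
*:80                   is a NameVirtualHost
         default server app.example.com (/etc/httpd/conf.d/app.conf:1)
         port 80 namevhost app.example.com (/etc/httpd/conf.d/app.conf:1)
         port 80 namevhost shop.example.org (/etc/httpd/conf.d/shop.conf:1)
EOF
}

sample_output | vhost_summary
```

On a live server, pipe `httpd -S 2>&1` into `vhost_summary` once with the single ssl.conf and once with the per-host files, then compare the default host and file reported for the 443 listener.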


Re: SSL virtual Hosts

Yehuda Katz
HTTPD doesn't care how many files your configuration uses. You can include as many <VirtualHost> directives in a single file as you want.
To quote from [the documentation](https://httpd.apache.org/docs/current/configuring.html):
>  In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files.

The only time you need more than one config file is if you are running more than one httpd process on a single server. You can then specify which configuration file each one should read to start up using the `-f` parameter.

- Y

