LinuxQuestions.org
Old 07-09-2005, 03:15 PM   #1
IwantLINUX
Member
 
Registered: Oct 2004
Location: India
Distribution: RH9,Fedora
Posts: 75

Rep: Reputation: 15
SSL


Hello,

Can someone let me know why it is that sometimes we need to install security certificates from a particular client, and only then can we access their https://URL, whereas on certain sites which return https://URL we do not install any security certificates but are still able to open them, e.g. hotmail.

Also any good links on this topic, please let me know.
 
Old 07-09-2005, 06:25 PM   #2
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,153

Rep: Reputation: 60
This might help you

Tux,
 
Old 07-09-2005, 06:50 PM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371
Basically, some certificates (signed by well known big name firms) are already recognized by your browser. That's why you don't have to inspect and approve them. If you look around in your browser's documentation, you should be able to find out which ones these are.
 
Old 07-10-2005, 08:20 AM   #4
IwantLINUX
Member
 
Registered: Oct 2004
Location: India
Distribution: RH9,Fedora
Posts: 75

Original Poster
Rep: Reputation: 15
Hi,

Thanks, tux, for a useful link. I found one very helpful link: http://www.vanemery.com/Linux/Apache/apache-SSL.html

But I am confused about one thing: in this, one key has been generated for the CA in step 1 and another key for the web server in step 2. The confusion is which key will take part in the secure transfer of data, and what is the use of the CA key? Also, in a practical scenario, the 3rd command of step 2 will be run by the CA, right?
 
Old 07-11-2005, 02:17 PM   #5
IwantLINUX
Member
 
Registered: Oct 2004
Location: India
Distribution: RH9,Fedora
Posts: 75

Original Poster
Rep: Reputation: 15
Hi,

First, thanks to all for the help; I am now able to set up my secure test site. But there is a problem: my non-secure website (www.xyz.com) and secure website (abc.xyz.com) are both hosted on the same machine. This machine is also acting as DNS server and the IP given to them is 10.13.241.23. This machine is listening on ports 80 and 443. When I type https://abc.xyz.com it takes me to the secure webpage, which is fine. But when I type https://www.xyz.com, it again takes me to the same secure page, which I don't want. This site is non-secure and should give a message for the same. My SSL.conf entry is:

<VirtualHost abc.xyz.com:443>

# General setup for the virtual host
# My SSL index.html resides here
DocumentRoot "/var/www/ssl"
ServerName abc.xyz.com:443
ServerAdmin me@xyz.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

Please let me know what I am doing wrong. If any further information is required, please let me know.
 
Old 07-11-2005, 02:24 PM   #6
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
The s in https specifies the secure http protocol, remove that s and it will take you to your normal page.
 
Old 07-12-2005, 12:20 AM   #7
IwantLINUX
Member
 
Registered: Oct 2004
Location: India
Distribution: RH9,Fedora
Posts: 75

Original Poster
Rep: Reputation: 15
Exactly, phil.d.g, I know that, but don't you think that it should have given me an error when I am using http(s) with a non-secure website? Why am I being directed to the secure page?
 
Old 07-12-2005, 03:48 AM   #8
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
You should have got a message saying that this certificate is for abc.com and you are connecting to www.abc.com and it is possible that someone is trying to redirect you.

Apart from that everything will work. You can't use name based with mod_ssl because the secure connection must be made before your browser communicates with Apache. Search Google for more details.

Using https:// will connect you to the secure website regardless of what domain you use, as long as the DNS 'A' record points to the IP address of your server. In both circumstances you are connecting to the secure website; only when you drop the s in https do you connect to the unsecure website.
 
Old 07-12-2005, 07:05 AM   #9
IwantLINUX
Member
 
Registered: Oct 2004
Location: India
Distribution: RH9,Fedora
Posts: 75

Original Poster
Rep: Reputation: 15
So you mean that if I am using the same IP for my secure and non-secure website, then I am using name based virtual hosting?

PS: my main website www.xyz.com is in httpd.conf (DocumentRoot /var/www/html) and abc.xyz.com in ssl.conf (VirtualHost abc.xyz.com:443)?

I think I will have to assign multiple IPs to the machine...
 
Old 07-12-2005, 09:57 AM   #10
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,153

Rep: Reputation: 60
I've read exactly what you are talking about in O'Reilly's Apache Cookbook. Unfortunately, I don't remember it exactly and I don't have the book either. If you can lay your hands on that book or can google it.

Tux,
 
Old 07-12-2005, 11:30 AM   #11
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101
Let's forget about the secure site for one minute, and just focus on the non-secure website.

Name based virtual hosting is where you have more than 1 domain pointing to your server and all the domains' 'A' records point to the same IP; the server (Apache) knows which website to serve the browser because of the host specified by the browser.

IP based hosting is where you have multiple IP addresses all pointing to the same server and each domain you have has its 'A' record point to one of those IPs; the IP has only one domain associated with it, and Apache then decides which website to serve depending on which IP the request was for.

Now think about your secure site: name based virtual hosting does not work because a secure connection and the certificate need to be sent and established before the request with the http host is sent to Apache. So to have multiple secure websites you need to use IP based hosting.

You can treat your non-secure section and secure section of httpd.conf completely separately and independently. Indeed you can have two configuration files and have Apache running twice, one instance to look after your normal sites, and one to look after your secure sites.

If you want a better or more clear explanation then buy a book or search Google, there are loads of articles lying around.
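
The IP-based layout described in the post above, sketched as an Apache configuration. This is an added example, not part of the original thread: the second address 10.13.241.24 and the certificate and key paths are assumptions, and the DNS 'A' record for abc.xyz.com would have to point to that second address.

```apache
# Constructed example. 10.13.241.23 is the address from the thread;
# 10.13.241.24 is an assumed second address added to the same machine.

# Bind each listener to one address, so port 443 exists only on the
# address that abc.xyz.com resolves to.
Listen 10.13.241.23:80
Listen 10.13.241.24:443

# Non-secure site: plain HTTP only, on the original address.
<VirtualHost 10.13.241.23:80>
    ServerName www.xyz.com
    DocumentRoot "/var/www/html"
</VirtualHost>

# Secure site: the certificate is selected by address and port during
# the handshake, before any Host header arrives, so this address:port
# pair serves exactly one certificate name.
# (Clients and servers that support TLS Server Name Indication can
# select a certificate by name; this layout does not rely on it.)
<VirtualHost 10.13.241.24:443>
    ServerName abc.xyz.com
    ServerAdmin me@xyz.com
    DocumentRoot "/var/www/ssl"
    SSLEngine on
    # Assumed paths; the certificate must be issued for abc.xyz.com.
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
</VirtualHost>
```

With this layout https://www.xyz.com resolves to 10.13.241.23, where nothing listens on port 443, so the browser reports a failed connection instead of showing the secure page under a mismatched certificate.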
 
  

