Old 07-15-2009, 03:30 PM   #1
patrickg28
LQ Newbie
 
Registered: Jun 2009
Posts: 25

Rep: Reputation: 15
Apache applying SSL settings to all ports..need help plz


I'm using CentOS 5.3 with Apache 2.2.3

I recently obtained a signed SSL certificate from Comodo.

When I turn the SSL engine on, the SSL works on port 443 no problem. - But when I try to go to other virtual addresses from my virtual hosts, they are all SSL and won't allow regular http.

For example, on port 80, I have a non secure site http://myserver.com. On port 443, I have a secure site https://mysecureserver.com

As soon as I turn SSL engine to "on" in the ssl.conf file, I can properly go to https://mysecureserver.com (and everything works...says it's secure etc.) but if I try to go to http://myserver.com it says:

"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."

I have my servers setup as follows:

default server:
port: any
address: any
server name: myserver.com

virtual server1:
port: 80
address: http://myserver.com
server name: myserver.com

virtual server2:
port: 443
address: http://mysecureserver.com
server name: myserver.com


Here are the pertinent things in my ssl.conf:

Listen: *:443

<VirtualHost mysecureserver.com:443>

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2


# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile server.com.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile server.com.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile server-bundle

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile server.crt


# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10



</VirtualHost>
 
Old 07-15-2009, 04:23 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
You need these
Code:
Listen 80
Listen 443
NameVirtualHost *:80
NameVirtualHost *:443
along with the vhosts definitions that should be changed to:
<VirtualHost *:80>
ServerName myserver.com
...
</VirtualHost>

<VirtualHost *:443>
ServerName myserver.com
...
</VirtualHost>

Last edited by bathory; 07-15-2009 at 05:48 PM.
 
Old 07-15-2009, 04:35 PM   #3
patrickg28
LQ Newbie
 
Registered: Jun 2009
Posts: 25

Original Poster
Rep: Reputation: 15
re:

Quote:
Originally Posted by bathory View Post
You need these
Code:
Listen: 80 443
NameVirtualHost *:80
NameVirtualHost *:443
along with the vhosts definitions that should be changed to:
<VirtualHost *:80>
ServerName myserver.com
...
</VirtualHost>

<VirtualHost *:443>
ServerName myserver.com
...
</VirtualHost>
Now I get this when trying to start apache:

Starting httpd: [error] VirtualHost myserver.com:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

[error] VirtualHost mysecureserver.com:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

[error] VirtualHost myserver.com:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

[FAILED]
 
Old 07-15-2009, 04:40 PM   #4
patrickg28
LQ Newbie
 
Registered: Jun 2009
Posts: 25

Original Poster
Rep: Reputation: 15
here is my server config

here's the config in webmin:
Attached Thumbnails
Name: error.JPG
 
Old 07-15-2009, 05:02 PM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
I cannot say from the webmin screenshot what's wrong.
You have to check httpd.conf and any included vhosts files that all use the same notation (in this case *:80 for non secure and *:443 for secure vhosts) and in the NameVirtualHost directive(s).
 
Old 07-15-2009, 05:19 PM   #6
patrickg28
LQ Newbie
 
Registered: Jun 2009
Posts: 25

Original Poster
Rep: Reputation: 15
Here are my SSL.CONF and HTTPD.CONF files

Quote:
Originally Posted by bathory View Post
I cannot say from the webmin screenshot what's wrong.
You have to check httpd.conf and any included vhosts files that all use the same notation (in this case *:80 for non secure and *:443 for secure vhosts) and in the NameVirtualHost directive(s).
Okay .. thanks for the help ... attached are my httpd.conf and ssl.conf files (used webmin to configure these...so I wouldn't be surprised if there's lots of wrong stuff in there..but other than my SSL problem, it works).

Last edited by patrickg28; 07-15-2009 at 07:59 PM.
 
Old 07-15-2009, 05:33 PM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
After making a backup of the 2 files change the following:
Code:
ssl.conf
Listen 80
Listen 443
..
<VirtualHost *:443>
Code:
httpd.conf
NameVirtualHost *.80
NameVirtualHost *.443
If you need also the vhost *:4727, then you must add that port in the Listen directive and also add another NameVirtualHost.
Check also the other config files in conf.d/*.conf, there should be the definitions for vhosts listening on port 80.

***EDIT***
Looking at the vhosts examples, it looks like apache wants 2 different Listen directives to specify 2 different ports

Last edited by bathory; 07-15-2009 at 05:49 PM. Reason: config error
 
Old 07-15-2009, 05:50 PM   #8
patrickg28
LQ Newbie
 
Registered: Jun 2009
Posts: 25

Original Poster
Rep: Reputation: 15
re:

Quote:
Originally Posted by bathory View Post
After making a backup of the 2 files change the following:
Code:
ssl.conf
Listen 80
Listen 443
..
<VirtualHost *:443>
Code:
httpd.conf
NameVirtualHost *.80
NameVirtualHost *.443
If you need also the vhost *:4727, then you must add that port in the Listen directive and also add another NameVirtualHost.
Check also the other config files in conf.d/*.conf, there should be the definitions for vhosts listening on port 80.

***EDIT***
Looking at the vhosts examples, it looks like apache wants 2 different Listen directives to specify 2 different ports

Thanks, can you be a bit more specific with the above ... I'm assuming you are expecting me to plug this into a syntax, but I am a newbie...

if I just copy/paste the exact lines above in the files, I get syntax errors
 
Old 07-15-2009, 06:07 PM   #9
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
You don't have to copy/paste, but you must edit the specified directives accordingly and add the ones that don't exist.
So in httpd.conf you replace "NameVirtualHost 64.15.74.92" with the 2 lines:
Code:
NameVirtualHost *:80
NameVirtualHost *:443
Replace "<VirtualHost servername:80>" with:
Code:
<VirtualHost *:80>
Also it's better to add
Code:
Listen 80
in this file and not in ssl.conf.

In ssl.conf remove "Listen *:80", change "Listen *:443", to:
Code:
Listen 443
and <VirtualHost secureservername:443> to
Code:
<VirtualHost *:443>
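
Added example (not part of any post in this thread, and not Apache's own code): a small Python lint for the "same notation" rule described above, run over two constructed configs modelled on the thread. The helper names and sample configs are hypothetical, and the comparison is a literal string match, which is stricter than Apache's own address resolution.

```python
import re

# Constructed samples modelled on the thread (not the poster's actual files).
BEFORE = """\
Listen *:443
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost myserver.com:80>
ServerName myserver.com
</VirtualHost>
<VirtualHost mysecureserver.com:443>
SSLEngine on
</VirtualHost>
"""
AFTER = """\
Listen 80
Listen 443
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerName myserver.com
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
</VirtualHost>
"""

def port_of(addr):
    """Port from 'host:port' or a bare 'port'; None if absent."""
    tail = addr.rsplit(":", 1)[-1]
    return tail if tail.isdigit() else None

def lint(conf):
    """Hypothetical helper: list vhost addresses that break the 'same notation' rule."""
    listen, named, vhosts, findings = set(), set(), [], []
    for line in (l.strip() for l in conf.splitlines()):
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            vhosts += m.group(1).split()
        elif re.match(r"NameVirtualHost\s+\S", line, re.I):
            named.add(line.split()[1])
        elif re.match(r"Listen\s+\S", line, re.I):
            listen.add(port_of(line.split()[1]))
    for v in vhosts:
        if named and v not in named:
            findings.append(f"<VirtualHost {v}> matches no NameVirtualHost argument")
        if port_of(v) and port_of(v) not in listen:
            findings.append(f"<VirtualHost {v}> uses a port with no Listen directive")
    return findings
```

`lint(BEFORE)` reports both hostname-style vhosts and the missing `Listen` for port 80; `lint(AFTER)` returns an empty list.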
 
Old 07-15-2009, 06:22 PM   #10
patrickg28
LQ Newbie
 
Registered: Jun 2009
Posts: 25

Original Poster
Rep: Reputation: 15
Re:

Quote:
Originally Posted by bathory View Post
You don't have to copy/paste, but you must edit the specified directives accordingly and add the ones that don't exist.
So in httpd.conf you replace "NameVirtualHost 64.15.74.92" with the 2 lines:
Code:
NameVirtualHost *:80
NameVirtualHost *:443
Replace "<VirtualHost servername:80>" with:
Code:
<VirtualHost *:80>
Also it's better to add
Code:
Listen 80
in this file and not in ssl.conf.

In ssl.conf remove "Listen *:80", change "Listen *:443", to:
Code:
Listen 443
and <VirtualHost secureservername:443> to
Code:
<VirtualHost *:443>

GREAT .. that worked... now I can get the non ssl site on port 80 and I can get the SSL site on port 443. .. BUT .. now I get an error when loading the SSL site ..it's still secure but I get this in a popup:

"You have requested an encrypted page that contains non encrypted information. Information that you see or enter on this site could be easily seen by a 3rd party"...

Did not get that error before when loading the SSL...

In my ignorant views here, I am thinking maybe it's because somehow now the secure site is being partially loaded on port 80 ?
 
Old 07-15-2009, 06:47 PM   #11
patrickg28
LQ Newbie
 
Registered: Jun 2009
Posts: 25

Original Poster
Rep: Reputation: 15
Nevermind, I figured it out. I had some links in the SSL page that were defined as "http://blahblah.com" and with port 80 closed, they just didn't load up.

Now that it's open, they load up and are not secure.


Thanks again for your help!!
 