I'm using CentOS 5.3 with Apache 2.2.3
I recently obtained a signed SSL certificate from Comodo.
When I turn the SSL engine on, SSL works on port 443 with no problem. But when I try to go to other virtual addresses from my virtual hosts, they are all SSL and won't allow regular HTTP.
For example, on port 80, I have a non-secure site, http://myserver.com. On port 443, I have a secure site, https://mysecureserver.com.
As soon as I turn SSL engine to "on" in the ssl.conf file, I can properly go to https://mysecureserver.com (and everything works...says it's secure etc.) but if I try to go to http://myserver.com it says:
"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."
I have my servers set up as follows:
default server:
port: any
address: any
server name: myserver.com
virtual server1:
port: 80
address:
http://myserver.com
server name: myserver.com
virtual server2:
port: 443
address:
http://mysecureserver.com
server name: myserver.com
Here are the pertinent things in my ssl.conf:
Listen: *:443
<VirtualHost mysecureserver.com:443>
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile server.com.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile server.com.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile server-bundle
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile server.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
</VirtualHost>