I run a web server with Apache 2.2. Right now I have two virtual hosts- one for port 80 and the other for port 443. Both are using the same documentroot. First question: is this a problem that they have the same documentroot path?

I have a <Location> </Location> tags setup for the part of the URL that will require SSL and PKI login in the VH for the site on 443.

I'm trying to setup PKI for login purposes to the admin side of our CMS, but am having conflicts.

Second question, all the setting right now for SSL (SSLCertificateFile, SSLCertificateChainFile location files, etc) are in a file called vhosts.conf within the Virtual Hosts tags. Second question: should all of these settings be in the ssl.conf or does it not matter as long as the main httpd.conf includes the vhosts.conf file?

Sorry if this is hard to make out. Bottom line, I need to setup PKI (CAC login) for the admin side of our web server's Content-Mangement system and I'm having trouble. I have the require cert and key file and all that.

Thanks.

You can have apache bind to multiple ip addresses and ports and still share the same content where all vhosts entries point to the same file system location.

It does not matter as long as files are included. From a clarity point of view thought it would be less confusing to have the SSL global stuff defined in the ssl.conf.

What are your specific conflicts? Which CMS are you trying to deploy?

I only partially understand what you're saying here. It is only 1 server with 1 IP address we're using. The conf files were setup before I got here. For some reason there are two virtual hosts setup (both setup in vhosts.conf), one for port 80 and another for port 443, but both are pointing to the same documentroot folder. I guess you're saying that's it's okay to have both Vhosts pointing to the same directory. Is that correct?

That's what I thought. Some guy told me that the problem might be that I had everything setup in the vhosts.conf file and not the ssl.conf file, but that didn't make sense to me.


When a content manager tries to log into the admin site of the CMS with the CAC card, it asks for their PIN, and the load page bar at the bottom loads up to 100%, but then nothing happens, the page doesn't come up, it just stays where it is.

The CMS is eZ Publish. A company in Norway (www.ez.no).

Here is what I need to setup: I want the normal site, which is accessible to the public without login or anything. That's the vhosts for port 80, obviously. So, let's say that the URL is "www.blah.com". Then I need the admin site to be CAC accessible only. The admin site's URL is "www.blah.com/admin". So whenever someone goes to www.blah.com/admin, it will ask for their CAC PIN and check their certs. I've got the <Location> </Location> tags in there for this. Right now we're using username and password log in for the admin side. This would be the vhost for port 443. I have the certificate I need and all that.

Another thing is that the main httpd.conf file had documentroot set to a different location than the one setup in the vitual hosts. Is this a problem? Thanks for your help.

Yes.

You need to define a rewrite rule such that any traffic coming to port 80 targeting /admin be rerouted to https://www.blah.com/admin. That would be defined in the port 80 vhost section.