ssl.conf and multiple ssl certificates on Apache
I'm trying to set up a 2nd SSL cert on a different domain on a server. Each domain has its own IP address. The problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys from ssl.conf the server will not start up, and with them there it will not start up if I specify keys for the secondary domain. Any ideas would be much appreciated.
ssl.conf Code:
LoadModule ssl_module modules/mod_ssl.so
Hi,
In general you can set up an IP based ssl vhost like this:
Code:
<VirtualHost 1.1.1.1:443>
    ServerName vhost1.domain.com
    DocumentRoot /path/to/vhost1/docroot
    ...
    SSLEngine on
    SSLCertificateFile /path/to/certs/vhost1.crt
    SSLCertificateKeyFile /path/to/certs/vhost1.key
    ...
</VirtualHost>
I guess you cannot remove the keys from ssl.conf, because the existing vhost is the default one, but without ssl.conf and httpd.conf (or at least the relevant parts of them) we cannot tell for sure. You should take a look at error_log for details.
As a start, post the existing vhost definition, the ssl related stuff in httpd.conf and the ssl.conf.
Hi,
Do the 2 vhosts work when you leave the sslcertificate directives in ssl.conf uncommented? Is this snippet, defining the 2 vhosts, inside httpd.conf? Have you tried moving the ssl vhosts part into ssl.conf? This is, at least, how ssl vhosts are defined in my apache.
The ssl.conf file has a "VirtualHost" definition. If you want to comment out the keys portion in this file you need to comment out the whole "VirtualHost" definition. Comment from "<VirtualHost>" to "</VirtualHost>". I came across this issue last week when adding an SSL cert to a host that had a key previously defined by the last admin.
I just attempted bathory's suggestion of moving the vhost definitions into the ssl.conf file, but upon a reload of httpd it reloaded successfully and the site stopped working. This was in the error log after the reload. I restored the original files and restarted the server to get everything back working.
Code:
[Mon Apr 05 09:54:32 2010] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
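A check for the condition behind that log line, as an added example that is not part of the original thread: it scans Apache config text for SSL vhosts that lack their own SSLCertificateFile or SSLCertificateKeyFile, and for any address:port claimed by more than one SSL vhost. The sample config, function names and paths are constructed; it assumes the text is passed in as one string, does not follow Include lines, and looks only at directives inside each block.

```python
import re

# Constructed sample: addresses, names and paths are placeholders.
SAMPLE_CONF = """\
<VirtualHost 1.1.1.1:443>
    ServerName vhost1.domain.com
    SSLEngine on
    SSLCertificateFile /path/to/certs/vhost1.crt
    SSLCertificateKeyFile /path/to/certs/vhost1.key
</VirtualHost>
<VirtualHost 2.2.2.2:443>
    ServerName vhost2.domain.com
    SSLEngine on
    # SSLCertificateFile /path/to/certs/vhost2.crt
    SSLCertificateKeyFile /path/to/certs/vhost2.key
</VirtualHost>
"""
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")

def parse_vhosts(conf_text):
    """Return [(addresses, {directive_lowercase: args})] per <VirtualHost> block."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        opening = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opening:
            current = (opening.group(1).split(), {})
            vhosts.append(current)
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            current = None
        elif current is not None and not line.startswith("<"):
            name, *rest = line.split(None, 1)
            current[1][name.lower()] = rest[0] if rest else ""
    return vhosts

def audit(conf_text):
    """List SSL vhosts lacking a cert or key, and addresses claimed twice."""
    findings, by_addr = [], {}
    for addrs, d in parse_vhosts(conf_text):
        if d.get("sslengine", "").lower() != "on":
            continue  # only SSL-enabled vhosts need a certificate
        label = d.get("servername", " ".join(addrs))
        findings += [f"{label}: missing {r}" for r in REQUIRED if r.lower() not in d]
        for addr in addrs:
            by_addr.setdefault(addr, []).append(label)
    findings += [f"{a}: shared by {', '.join(n)}" for a, n in by_addr.items() if len(n) > 1]
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the second vhost, whose certificate line is commented out.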
I think that the current apache configuration does not support IP-based vhosts.
What is the output of:
Code:
apachectl -S
Code:
Syntax error on line 13 of /etc/httpd/conf.d/ssl.conf:
(obviously I'm swapping actual domain names with primary and secondary)
Are you sure that both httpd.conf and ssl.conf use the same SSLCertificateFile (/etc/pki/tls/certs/primary.com.crt) and that the apache user can read the certificate?
Code:
ls -l /etc/pki/tls/certs/primary.com.crt
Code:
openssl verify /etc/pki/tls/certs/primary.com.crt
Code:
web01 ~ # grep SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Code:
web01 ~ # openssl verify /etc/pki/tls/certs/primary.com.crt
You didn't post the output of
Quote:
What distro are you using and what apache version? If you comment out the 2 ssl lines from ssl.conf, what does "apachectl -S" give?