Server version: Apache/2.2.3
Server built: Mar 27 2010 13:52:09
and I'm running CentOS 5
Code:
ls -l /etc/pki/tls/certs/primary.com.crt
Also SELinux is disabled. |
I'm not familiar with CentOS, so I cannot tell what's wrong with your setup.
Reading the documentation here and here, I saw that it uses the key/cert files in both the main and the vhost part of the configuration. I guess this is done because it somehow defines a default SSL vhost. Are you sure you don't have a _default_ server (or wildcard server "*:443") that needs the certificates to be in /etc/pki/tls/certs? Without the output of "apachectl -S", we cannot be sure if that's the case. You can check the *.conf files for something like: "<Virtualhost _default_:443>" or "<VirtualHost *.443>".
Regards |
There is a default section in ssl.conf; here is what my ssl.conf contains: http://pastebin.com/33Z3mP6p, pretty much the default. I'm pretty sure all the guy before me did was add the key files here. Also, after commenting out the files I get the following with apachectl -S:
Code:
VirtualHost configuration: |
Also, I have to add that the 2nd SSL vhost is not configured, since Apache will not even start with it configured; that's why you only see the primary in the above output.
|
Quote:
You want an IP-based vhost. Remove the
Code:
NameVirtualHost *.443
Also better replace
Quote:
Code:
<VirtualHost x.x.x.1:443> |
Still not getting the server to start with the 2nd SSL.
I did not create the SSL certs, the web developer did. I killed the server, added configuration for the secondary domain and fired the server up. I got the following printed to the error_log; this seems to me like an issue with the keys... am I correct in assuming this?
Code:
[Wed Apr 07 18:36:53 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) |
Yup, that means that the vhost2 certificate and key do not match.
You can run
Code:
openssl x509 -noout -text -in /etc/pki/tls/certs/secondary.com.crt -modulus
I guess this is a self-signed certificate, so you can create a new one, using the server key. If you do so, make sure also that the CN used matches the vhost2 ServerName, so you don't get the warning about
Quote:
|
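The certificate/key match check suggested in the reply above, as an added example that is not part of the original thread: it compares the RSA modulus of a certificate with that of a private key and reads the certificate's CN for comparison with the vhost's ServerName. The file names, the CN `secondary.example` and the function names are constructed for illustration; it assumes RSA keys and the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a certificate and a private
# key belong together before Apache is pointed at them. Assumes RSA keys.

# Exit 0 = match, 1 = mismatch, 2 = a file could not be parsed.
cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Print the certificate's subject CN, to compare with the vhost's ServerName.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# Constructed sample data: a throwaway self-signed cert with its key, plus an
# unrelated key standing in for the mismatched one.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=secondary.example" \
        -keyout "$1/secondary.key" -out "$1/secondary.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for key in secondary.key other.key; do
    if cert_matches_key "$demo_dir/secondary.crt" "$demo_dir/$key"; then
        echo "$key: matches secondary.crt"
    else
        echo "$key: does NOT match secondary.crt (status $?)"
    fi
done
echo "CN: $(cert_cn "$demo_dir/secondary.crt")"
rm -rf "$demo_dir"
```

Running the same check against the files named in SSLCertificateFile and SSLCertificateKeyFile before restarting Apache catches a mismatched pair without taking the server down.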
Thanks for the help! I figured out the problem: it was the last line of the below segment, that SSLEngine was uncommented. When the default template had the SSLEngine set to on, it needed a default cert. Once I turned that off I was able to comment out the cert the web developer added in the head of the ssl.conf file and specify the 2nd vhost for SSL in httpd.conf. =)
Code:
<VirtualHost _default_:443> |