Comments on: Virtual Hosts and Wildcard SSL Certificates with Apache 2.2 http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/ Fri, 12 Mar 2010 09:09:05 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Warwick http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-114 Warwick Wed, 30 Nov -0001 00:00:00 +0000 #comment-114 The "export" command was truncated in the post above. Should have been:   export SAN='DNS:[base-domain-name]' Eg,   export SAN='DNS:site-a.com' The “export” command was truncated in the post above. Should have been:
  export SAN=’DNS:[base-domain-name]‘
Eg,
  export SAN=’DNS:site-a.com’

]]> By: Warwick http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-115 Warwick Wed, 30 Nov -0001 00:00:00 +0000 #comment-115 If you want browsers to be happy with the certificate when hitting the base domain (site-a.com), you might want to look at signing the certificate with a subjectAlternativeName set to the base domain as well. My openssl.conf has "subjectAltName=${ENV::SAN}" in the [ usr_crt ] section, and I set the environment variable (eg "export SAN='DNS:<alt-domain-name>'") before running the openssl commands to create the certificate. If you want browsers to be happy with the certificate when hitting the base domain (site-a.com), you might want to look at signing the certificate with a subjectAlternativeName set to the base domain as well.

My openssl.conf has “subjectAltName=${ENV::SAN}” in the [ usr_crt ] section, and I set the environment variable (eg “export SAN=’DNS:‘”) before running the openssl commands to create the certificate.

]]> By: Chris Barber http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-121 Chris Barber Wed, 30 Nov -0001 00:00:00 +0000 #comment-121 I ran into a similar problem just the other day with redirects. Your config looks good. The problem was browser cache. I had to empty my cache and restart my browser and then the redirects worked. I ran into a similar problem just the other day with redirects. Your config looks good. The problem was browser cache. I had to empty my cache and restart my browser and then the redirects worked.

]]> By: hackbard http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-122 hackbard Wed, 30 Nov -0001 00:00:00 +0000 #comment-122 I configured my sites-enabled conf like yours, direkt SSL is working fine, but if I go to www.domain.com or xyz.domain.com I see a bad request (400) and a redirect to https://domain.com regardless what subdomain I used. (so the redirect is not working and www.domain.com didn't work too) only the direkt SSL will work like https://test.domain.com the wildcard certificate works well with the direkt SSL connection, so it have to be the config :hmm: I'm not sure if the fcgi config have to be on every VirtualHost 1 NameVirtualHost 84.200.208.192:80 2 NameVirtualHost 84.200.208.192:443 3 4 <VirtualHost 84.200.208.192:80 84.200.208.192:443> 5 ServerName suretodie.de 6 ServerAlias www.suretodie.de 7 ServerAdmin admin@suretodie.de 8 DocumentRoot /var/www/web1/web/ 9 10 <IfModule mod_fcgid.c> 11 SuexecUserGroup web1 web1 12 PHP_Fix_Pathinfo_Enable 1 13 <Directory /var/www/web1/web/> 14 Options +ExecCGI 15 AllowOverride All 16 AddHandler fcgid-script .php 17 FCGIWrapper /var/www/php-fcgi-scripts/web1/php-fcgi-starter .php 18 Order allow,deny 19 Allow from all 20 </Directory> 21 </IfModule> 22 23 # ErrorLog /var/log/apache2/error.log 24 # CustomLog /var/log/apache2/access.log combined 25 ServerSignature Off 26 27 SSLEngine On 28 SSLCertificateFile /etc/apache2/ssl/suretodie.crt 29 SSLCertificateKeyFile /etc/apache2/ssl/suretodie.key 30 31 </VirtualHost> 32 33 #Redirects 34 # Not SSL, redirect to https://qmail.suretodie.de 35 <VirtualHost 84.200.208.192:80> 36 ServerName qmail.suretodie.de 37 Redirect / https://qmail.suretodie.de/ 38 </VirtualHost> 39 40 <VirtualHost 84.200.208.192:80> 41 ServerName webmail.suretodie.de 42 Redirect / https://webmail.suretodie.de/ 43 </VirtualHost> 44 45 46 <VirtualHost 84.200.208.192:443> 47 ServerName qmail.suretodie.de 48 ServerAdmin admin@suretodie.de 49 DocumentRoot /var/www/web1/qmailad/ 50 51 <IfModule mod_fcgid.c> 52 SuexecUserGroup web1 web1 53 PHP_Fix_Pathinfo_Enable 1 54 <Directory /var/www/web1/qmailad/> 55 Options +ExecCGI 56 AllowOverride All 57 AddHandler fcgid-script .php 58 FCGIWrapper /var/www/php-fcgi-scripts/web1/php-fcgi-starter .php 59 Order allow,deny 60 Allow from all 61 </Directory> 62 </IfModule> 63 64 # ErrorLog /var/log/apache2/error.log 65 # CustomLog /var/log/apache2/access.log combined 66 ServerSignature Off 67 </VirtualHost> 68 69 <VirtualHost 84.200.208.192:443> 70 ServerName webmail.suretodie.de 71 ServerAdmin admin@suretodie.de 72 DocumentRoot /var/www/web1/webmail/ 73 74 <IfModule mod_fcgid.c> 75 SuexecUserGroup web1 web1 76 PHP_Fix_Pathinfo_Enable 1 77 <Directory /var/www/web1/webmail/> 78 Options +ExecCGI 79 AllowOverride All 80 AddHandler fcgid-script .php 81 FCGIWrapper /var/www/php-fcgi-scripts/web1/php-fcgi-starter .php 82 Order allow,deny 83 Allow from all 84 </Directory> 85 </IfModule> 86 87 # ErrorLog /var/log/apache2/error.log 88 # CustomLog /var/log/apache2/access.log combined 89 ServerSignature Off 90 </VirtualHost> I configured my sites-enabled conf like yours, direkt SSL is working fine, but if I go to http://www.domain.com or xyz.domain.com I see a bad request (400) and a redirect to https://domain.com regardless what subdomain I used. (so the redirect is not working and http://www.domain.com didn’t work too) only the direkt SSL will work like https://test.domain.com the wildcard certificate works well with the direkt SSL connection, so it have to be the config :hmm: I’m not sure if the fcgi config have to be on every VirtualHost

1 NameVirtualHost 84.200.208.192:80
2 NameVirtualHost 84.200.208.192:443
3
4
5 ServerName suretodie.de
6 ServerAlias http://www.suretodie.de
7 ServerAdmin admin@suretodie.de
8 DocumentRoot /var/www/web1/web/
9
10
11 SuexecUserGroup web1 web1
12 PHP_Fix_Pathinfo_Enable 1
13
14 Options +ExecCGI
15 AllowOverride All
16 AddHandler fcgid-script .php
17 FCGIWrapper /var/www/php-fcgi-scripts/web1/php-fcgi-starter .php
18 Order allow,deny
19 Allow from all
20
21
22
23 # ErrorLog /var/log/apache2/error.log
24 # CustomLog /var/log/apache2/access.log combined
25 ServerSignature Off
26
27 SSLEngine On
28 SSLCertificateFile /etc/apache2/ssl/suretodie.crt
29 SSLCertificateKeyFile /etc/apache2/ssl/suretodie.key
30
31
32
33 #Redirects
34 # Not SSL, redirect to https://qmail.suretodie.de
35
36 ServerName qmail.suretodie.de
37 Redirect / https://qmail.suretodie.de/
38
39
40
41 ServerName webmail.suretodie.de
42 Redirect / https://webmail.suretodie.de/
43
44
45
46
47 ServerName qmail.suretodie.de
48 ServerAdmin admin@suretodie.de
49 DocumentRoot /var/www/web1/qmailad/
50
51
52 SuexecUserGroup web1 web1
53 PHP_Fix_Pathinfo_Enable 1
54
55 Options +ExecCGI
56 AllowOverride All
57 AddHandler fcgid-script .php
58 FCGIWrapper /var/www/php-fcgi-scripts/web1/php-fcgi-starter .php
59 Order allow,deny
60 Allow from all
61
62
63
64 # ErrorLog /var/log/apache2/error.log
65 # CustomLog /var/log/apache2/access.log combined
66 ServerSignature Off
67
68
69
70 ServerName webmail.suretodie.de
71 ServerAdmin admin@suretodie.de
72 DocumentRoot /var/www/web1/webmail/
73
74
75 SuexecUserGroup web1 web1
76 PHP_Fix_Pathinfo_Enable 1
77
78 Options +ExecCGI
79 AllowOverride All
80 AddHandler fcgid-script .php
81 FCGIWrapper /var/www/php-fcgi-scripts/web1/php-fcgi-starter .php
82 Order allow,deny
83 Allow from all
84
85
86
87 # ErrorLog /var/log/apache2/error.log
88 # CustomLog /var/log/apache2/access.log combined
89 ServerSignature Off
90

]]> By: hackbard http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-131 hackbard Wed, 30 Nov -0001 00:00:00 +0000 #comment-131 sry for that copy crap, here is a better pastebin http://pastebin.com/m5a3d5201 you can delete my other post "I configured my sites-enabled conf like yours, direkt SSL is working fine, but if I go to www.domain.com or xyz.domain.com I see a bad request (400) and a redirect to https://domain.com regardless what subdomain I used. (so the redirect is not working and www.domain.com didn't work too) only the direkt SSL will work like https://test.domain.com the wildcard certificate works well with the direkt SSL connection, so it have to be the config :hmm: I'm not sure if the fcgi config have to be on every VirtualHost" greets hackbard sry for that copy crap, here is a better pastebin
http://pastebin.com/m5a3d5201
you can delete my other post

“I configured my sites-enabled conf like yours, direkt SSL is working fine, but if I go to http://www.domain.com or xyz.domain.com I see a bad request (400) and a redirect to https://domain.com regardless what subdomain I used. (so the redirect is not working and http://www.domain.com didn’t work too) only the direkt SSL will work like https://test.domain.com the wildcard certificate works well with the direkt SSL connection, so it have to be the config :hmm: I’m not sure if the fcgi config have to be on every VirtualHost”

greets hackbard

]]> By: hackbard http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-132 hackbard Wed, 30 Nov -0001 00:00:00 +0000 #comment-132 Hi Chris! I checked it with deleted cache in IE and Firefox, the same as before. With the IE nothing is shown, no error, no redirect, no index :hmm: In firefox the same as belwo shows up. I don't get whats wrong :hmm: my second domain shows the same error in FF, "go to https://suretodie.de" :hmm:² Hi Chris!

I checked it with deleted cache in IE and Firefox, the same as before. With the IE nothing is shown, no error, no redirect, no index :hmm:
In firefox the same as belwo shows up.

I don’t get whats wrong :hmm:

my second domain shows the same error in FF, “go to https://suretodie.de

:hmm:²

]]> By: hackbard http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-136 hackbard Wed, 30 Nov -0001 00:00:00 +0000 #comment-136 I think I've got it. I splittet up the first vhost entry like this: http://pastebin.com/m3eceb493 After that the bad Requests gone away and the little Indian Apache works. Thx for your help and config. Greetz hackbard I think I’ve got it. I splittet up the first vhost entry like this:
http://pastebin.com/m3eceb493
After that the bad Requests gone away and the little Indian Apache works.
Thx for your help and config.

Greetz hackbard

]]> By: Chris Barber http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2-2/comment-page-1/#comment-137 Chris Barber Wed, 30 Nov -0001 00:00:00 +0000 #comment-137 Hmm, well, that was easy. Good thinking! Hmm, well, that was easy. Good thinking!

]]>