Comments on: Configuring HTTPS with virtual hosts

By: Richard

Richard — Wed, 27 Jan 2010 05:33:35 +0000

@Roberto, maybe during the compile fase there was an error with SSL and the module didn’t compile. Check the config.log for errors on SSL and check if the module is available in the modules directory. If it is there just put the line in httpd.conf.

By: Roberto

Roberto — Wed, 27 Jan 2010 01:53:41 +0000

Hi Richard question I dont have this line in my httpd.conf file:

LoadModule ssl_module modules/mod_ssl.so

So I cant uncomment it. How do I go about enabaling ssl_mod? Thanks in advance.

By: Richard

Richard — Tue, 15 Jul 2008 19:59:21 +0000

Sam in /etc/apache2 is the original configuration I didn't want to touch that. Same with the actual binaries, the diy install is in /usr/local just to not interfere with the original installation which might be overwritten by a update. If you want to start the original use the sharing pane in the system preference, otherwise use the launchd script from the site

By: Sam

Sam — Tue, 15 Jul 2008 11:28:49 +0000

Why you are using /etc/httpd… isn’t this an apache2 config? shouldn’t it be /etc/apache2?

With the diy setup, the Apache install on /usr/sbin is still there. Where do you set which apache is going to run on start? Maybe I haven’t dug deep enough… I’m guessing it’s a launchd thing.

By: vxbush

vxbush — Wed, 27 Jun 2007 16:20:40 +0000

I noticed when I did this that the httpd.conf file has the following just before the block:

# Secure (SSL/TLS) connections
# Include /etc/httpd/extra/httpd-ssl.conf

By uncommenting the second line and dealing with the settings in the file /etc/httpd/extra/httpd_ssl.conf, SSL worked just fine and it also isolates the settings for SSL. While I don’t have any need for a virtual host, this seems to work nicely.

Just a thunk….

By: Jeff

Jeff — Thu, 22 Feb 2007 15:33:00 +0000

One other thing I should add here is that if you set up multiple virtual hosts with SSL enabled, you will get warning messages in the log when you start/restart apache. Apache still handles the vhosts correctly and encrypts the connection – it just complains about it.

By: Jeff

Jeff — Thu, 22 Feb 2007 05:20:50 +0000

One important note to this: You can only use one certificate for your entire apache server – you cannot, for example set up https://www.example1.com and https://www.example2.com and have different certificates for them. Apache (any version) will ignore all but the first SSLCertificateFile and SSLCertificateKeyFile directives it encounters.

If you set up multiple virtual hosts with SSL, visitors to all but the one named in the certificate itself will get the warning about a possible security issue with the domain not matching the certificate (It’s not actually a problem – the connection is still encrypted, but users may not like seeing the warning).

The reason for this is that the SSL connection (say, with OpenSSL as on the Mac) has to be established BEFORE apache can process the request, since the request is sent encrypted. This means that the certificate is sent first, then the SSL negotiation takes place, then apache processes the request and finds the virtual host.

This is well documented at apache.org and several other sites (I’ll find links if you want….just ask…).

It’s not really a big problem ( I do this as Richard suggested and it works fine – and most of my users don’t care about the warnings), but I found it useful to know….especially after I spent several hours trying to fix the warnings!

I hope that helps someone….