[Modules] Cannot seem to get Server Name Indication working...
Donovan J. Edye
donovan at edyeweb.com
Wed Dec 3 15:59:21 EST 2008
Hi Ray,
> it looks like you have the key and cert file directives commented out?
why?
>> <VirtualHost 116.212.64.71:443>
>> GnuTLSEnable on
>> GnuTLSPriorities NORMAL
>>
>> ServerName www.natiki.com.au
>> ServerAlias natiki.com.au
>> DocumentRoot /usr/local/www/webs/natiki_new
>> ErrorLog /var/log/ssl_www.natiki.com.au-error_log
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\""
>>
>> TransferLog /var/log/ssl_www.natiki.com.au-transfer_log
>>
>> GnuTLSCertificateFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
>> GnuTLSKeyFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
>>
>> #SSLEngine on
>> #SSLCertificateKeyFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
>> #SSLCertificateFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
>> </VirtualHost>
I thought the GnuTLSCertificateFile directive relaced the SSLCertificateFile
directive seeing as though all the SSL auth is going through mod_gnutls?
--Donovan
www.natiki.com.au
-----Original Message-----
From: ray at cayuse.com [mailto:ray at cayuse.com]
Sent: Thursday, December 04, 2008 3:09 AM
To: donovan at edyeweb.com
Subject: Re: [Modules] Cannot seem to get Server Name Indication working...
no. if the browser doesn't support it then you are SOL.
it looks like you have the key and cert file directives commented out? why?
> Hi,
>
> Using FireFox 3 on Windows. As a side issue seeing as though browser
version
> is an issue is there any alternative to implement SNI that is browser
> agnostic?
>
> --Donovan
> www.natiki.com.au
>
>
> -----Original Message-----
> From: ray at cayuse.com [mailto:ray at cayuse.com]
> Sent: Wednesday, December 03, 2008 8:25 AM
> To: donovan at edyeweb.com
> Subject: Re: [Modules] Cannot seem to get Server Name Indication
working...
>
> might be your browser. IE6 and IE7 dont do SNI. IE7 does it on 64 bit
> windows but not 32bit. they just end up using the first cert in the conf
> file
> for everything. try FF2 or FF3
>
>> G'Day,
>>
>> - I have successfully compiled and installed mod_gnutls on FreeBSD 6.2 /
>> Apache/2.2.6 (FreeBSD)
>> - Module is loading and I see no errors in the logs and the conf location
>> has cache files being included in it.
>> - When I go to https://www.natiki.com.au I am returned the certificate
for
>> https://www.capitel.com.au
>>
>> I don't know how to turn on additional logging for mod_gnutls and can
> supply
>> logs if necessary. So what am I missing here?
>>
>> My config is as follows:
>>
>> 116.212.64.71:443 is a NameVirtualHost
>> default server www.capitel.com.au
>> (/usr/local/etc/apache22/Includes/host_donovan.conf:57)
>> port 443 namevhost www.capitel.com.au
>> (/usr/local/etc/apache22/Includes/host_donovan.conf:57)
>> port 443 namevhost www.natiki.com.au
>> (/usr/local/etc/apache22/Includes/host_donovan.conf:407)
>>
>> The virtual host blocks look as follows:
>>
>> # -- www.capitel.com.au ---------------------------------
>> <VirtualHost 116.212.64.71:80>
>> ServerName www.capitel.com.au
>> ServerAlias new.capitel.com.au capitel.com.au
>> DocumentRoot /usr/local/www/webs/capitel/www
>> ErrorLog /var/log/www.capitel.com.au-error_log
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\""
>> TransferLog /var/log/www.capitel.com.au-transfer_log
>>
>> #Force to https always
>> RewriteEngine On
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
>> </VirtualHost>
>>
>> <VirtualHost 116.212.64.71:443>
>> GnuTLSEnable on
>> GnuTLSPriorities NORMAL
>>
>> ServerName www.capitel.com.au
>> ServerAlias capitel.com.au
>> DocumentRoot /usr/local/www/webs/capitel/www
>> ErrorLog /var/log/www.capitel.com.au-error_log
>> LogFormat "%h %l %u %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b
>> \"%{Referer}i\" \"%{User-agent}i\""
>> TransferLog /var/log/www.capitel.com.au-transfer_log
>>
>> GnuTLSCertificateFile
>> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.crt
>> GnuTLSKeyFile
>> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.key
>>
>> #SSLEngine on
>> #SSLCertificateKeyFile
>> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.key
>> #SSLCertificateFile
>> /usr/local/etc/apache22/Includes/servage.www.capitel.com.au.crt
>> </VirtualHost>
>> # -- www.capitel.com.au ---------------------------------
>>
>> # -- www.natiki.com.au ---------------------------------
>> <VirtualHost 116.212.64.71:80>
>> ServerName www.natiki.com.au
>> ServerAlias natiki.com.au
>> DocumentRoot /usr/local/www/webs/natiki_new
>> ErrorLog /var/log/www.natiki.com.au-error_log
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\""
>> TransferLog /var/log/www.natiki.com.au-transfer_log
>> </VirtualHost>
>>
>> <VirtualHost 116.212.64.71:443>
>> GnuTLSEnable on
>> GnuTLSPriorities NORMAL
>>
>> ServerName www.natiki.com.au
>> ServerAlias natiki.com.au
>> DocumentRoot /usr/local/www/webs/natiki_new
>> ErrorLog /var/log/ssl_www.natiki.com.au-error_log
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\""
>>
>> TransferLog /var/log/ssl_www.natiki.com.au-transfer_log
>>
>> GnuTLSCertificateFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
>> GnuTLSKeyFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
>>
>> #SSLEngine on
>> #SSLCertificateKeyFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.key
>> #SSLCertificateFile
>> /usr/local/etc/apache22/Includes/rapidssl.natiki.com.au.crt
>> </VirtualHost>
>> # -- /www.natiki.com.au --------------------------------
>>
>>
>> --Donovan
>> www.natiki.com.au
>>
>>
>>
>> _______________________________________________
>> Modules mailing list
>> Modules at lists.outoforder.cc
>> http://lists.outoforder.cc/mailman/listinfo/modules
>>
>
>
>
> _______________________________________________
> Modules mailing list
> Modules at lists.outoforder.cc
> http://lists.outoforder.cc/mailman/listinfo/modules
>
More information about the Modules
mailing list