Article Discussion: Installing Apache With SSL: The Complete Guide

Installing Apache With SSL: The Complete Guide If you have any questions or comments about this article then please post them here.

You can read the article here .

This solution sounds great and the article laid things out nicely. I'm left with concerns about security, however, among other things:

- Using this scenario for a testing platform, is there any obvious security concerns to be aware of, especially considering the server will be automatically running at all times in the background?

- Must IIS merely be stopped to make Apache stand as the default server, or does it have to be uninstalled altogether?

That's all I can think of for now. Thanks for the useful article!

I have managed to get it all set up and running OK with named virtual host over http. However, I am having problems with getting them to work over https. When I set a virtual host name, it always serves the first listed domain. See settings below. https:artbeatdev serves the correct folder, but https:localhost serves artbeatdev's documents

my settings:

<VirtualHost *:443>

DocumentRoot "C:/Development/artbeat"
ServerName artbeatdev
ServerAdmin webmaster@localhost
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log

SSLEngine on.......etc
</VirtualHost>

<VirtualHost *:443>

DocumentRoot "C:/Development"
ServerName localhost
ServerAdmin webmaster@localhost
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on.....etc

you can keep iis installed as well apache. just change the port number to something other than 80 in apache or iis, if you plan to run them at the same time.

DocumentRoot "C:/Development/artbeat"
DocumentRoot "C:/Development"

your problem is you need to set it to one folder, so just put in DocumentRoot "C:/Development "
save it restart your server and it should be working fine.

i'm the author of this article i've tried the method out like a million times so i know it works.

I tried that. all that does is serve "c:/development" to both domains. I want it to use a different root folder for the different domain. I.E. generic https://localhost serves "c:/development", https://host1 serves "c:/development/host1files", https://host2 serves "c:/development/host2files" etc.

I get the following message in the event viewer - "The Apache service named C:\OpenSA\Apache\Apache.exe reported the following error:
>>> [Sun Dec 22 07:14:25 2002] [warn] _default_ VirtualHost overlap on port 443, the first has precedence <<<
before the error.log file could be opened.
More information may be available in the error.log file. . "

Error log - "[Sun Dec 22 07:28:36 2002] [warn] _default_ VirtualHost overlap on port 443, the first has precedence"

what operating system do you have? also may i ask, why do you want to use two diffrent folders, to serve your content just wondering.

OS=win2k

I use different folders for different sites that I am developing. Using a virtual host for each one allows me to make all of my URLs root-relative, so that my templates work however far up the tree they my documents go.

I have managed to get it to work using different ports (i.e. localhost at https://localhost:443 and artbeatdev at https://artbeatdev:444) If I can't get it to work through the default port, I'll try and use mod_rewrite to automatically switch ports for me (I don't know if that's possible, but I'll try)

so let me get this right, you are using iis to serve one of your test sites and apache for the other one?

also you shouldn't have to type in the :443 just https://artbeatdev/ on the 444 on you'll have to put that there.

also the port i was referring to was port 80 since, apache and iis run on that port, so change one of them to 81 or whatever to suit your needs.

NO, I'm using apache for both

I Know, that was just for illustration.

I am running apache as my server. I have set up the virtual host to work for multiple domains to work over http (e.g. http://localhost, http://artbeatdev etc)

What I want is to set them up so that they also work over https (e.g. https://localhost, https://artbeatdev etc)

I can't get this to work. However, if I set the different secure virtual hosts on different ports (and listen to that port) it works

<VirtualHost *:443>

DocumentRoot "C:/Development/artbeat"
ServerName artbeatdev
....etc
</VirtualHost>

<VirtualHost *:444>

DocumentRoot "C:/Development"
ServerName localhost
....etc
</VirtualHost>

As a work-around, so that i don't have the put the port number on the end all the time I am going to try to use mod_rewrite to do it for me

Your advice for starting SSL with the Apache service works on my Windows XP machine, but on the Windows 2000 Advanced Server, it prevents Apache from starting.

I get a little error/dialog box that says:

Could not start Apache service on Local Computer.
The service did not return an error. This could be an internal Windows error or an internal service error.
If the problem persists, contact your system administrator.

i have windows 2k advaned server as well and i didn't get that error at all.

I found the searchable OpenSA mailing list archives (finally), and the answer was to remove ALL of the <If SSL> type container tags in the httpd.conf file.

Also, if you don't have the problems I had, you can leave the httpd.conf file alone altogether and install a separate service for Apache-SSL with:

C:\Apache\Apache -i -n "Apache-SSL" -D SSL

Matt

lol if you read my article it would have told you to remove the <if ssl > in the conf file.

I read your article word for word. It says to remove only the one <IfDefine SSL> container surrounding the "LoadModule ssl_module modules/mod_ssl.so" statement.

For some reason, to make it work on Win 2k Server, I had to remove ALL of the SSL conditional container tags in the .conf file. That is, I removed the <IfDefine SSL> you mentioned and then two more <IfModule mod_ssl.c> container tag pairs.

I found the solution in the searchable OpenSA mailing-list archive: URL

Neither the OpenSA site or the Mail-Archive site have links to this searchable archive, so make note of that link.

Matt