Apache - SSL over FQDN vs IP
Apache 2.2, CentOS 6, GoDaddy SSL (multi-domain).
Setting up a GoDaddy SSL (multi-domain) certificate on Apache 2.2 on CentOS, I have a working SSL (HTTPS) site if I navigate to the server via IP address. If I try to resolve the domain name (sub.domain.com), I get the following browser message:
This webpage is not available
ERR_CONNECTION_REFUSED
I have logging set to warn, and have no warnings or errors in the logs for the SSL site.
I am confused. I have searched and followed many resolutions for this issue, and still cannot get the site to resolve on HTTPS using the FQDN.
Any directions or suggestions would be greatly appreciated. Below is the ssl.conf for Apache:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
    DocumentRoot "/var/www/webdata/aaa.bbb.com"
    ServerName register.g1e.com:443
    ErrorLog /var/www/webdata/aaa.bbb.com/logs/ssl_error_log
    TransferLog /var/www/webdata/aaa.bbb.com/logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/aaa.bbb-com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/aaa.bbb-com.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Etan,
Thank you for the responses. Here is what I found, with some luck and a few conversations with knowledgeable friends that led to some thinking.
For Amazon EC2 load-balanced servers, you are given an IP address for the server. If you use Route 53, you are provided an alias name for the stack address. This resolves to 2 new IP addresses related to the alias name. This creates an issue because SSL is listening on 443 on the server IP, and the traffic comes in on the alias IP(s).
To resolve this, I went to the zone for the domain in Route 53 and set the record name to the static IP of the server, and did not use the alias IPv4 name.
Funny how a few conversations drive you to try new things and, wham, you figure it out.
Thank you for the reply, and consider this post resolved.
I came across this news about multiple SSL certificates on a single IP today that might help others...
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
The only thing to remember for AWS EC2 servers is to set DNS to the static public IP of the server, and not use the load balancer stack IP or endpoint alias DNS records.
Marcus
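
A check for the mismatch described in the post above, as an added example that is not part of the original post: it compares the addresses a name resolves to with the server IP where HTTPS is known to work, and tests whether each resolved address accepts connections on 443. The function names, the 203.0.113.10 and 198.51.100.x addresses and the fake resolver and probe are constructed for illustration.

```python
import socket

def resolve_ipv4(name):
    """IPv4 addresses the name resolves to right now (live DNS lookup)."""
    infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def port_open(ip, port=443, timeout=3.0):
    """True if ip accepts a TCP connection on port (live network probe)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def diagnose(name, server_ip, resolve=resolve_ipv4, probe=port_open):
    """Compare where DNS sends clients with the IP where HTTPS is known to work."""
    try:
        addrs = resolve(name)
    except OSError as exc:  # socket.gaierror is an OSError subclass
        return {"verdict": "dns-failure", "detail": str(exc), "refused": []}
    refused = [ip for ip in addrs if not probe(ip)]
    if server_ip not in addrs:
        verdict = "dns-points-elsewhere"   # the situation in the post
    elif refused:
        verdict = "some-addresses-refuse"  # clients fail intermittently
    else:
        verdict = "ok"
    return {"verdict": verdict, "addresses": addrs, "refused": refused}

# Constructed sample data (documentation address ranges) so the demo runs offline.
SERVER_IP = "203.0.113.10"                      # hypothetical server IP
FAKE_DNS = {"sub.domain.com": ["198.51.100.21", "198.51.100.22"]}
LISTENING = {SERVER_IP}                         # only the server answers on 443

def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return sorted(FAKE_DNS[name])

def fake_probe(ip):
    return ip in LISTENING

if __name__ == "__main__":
    print(diagnose("sub.domain.com", SERVER_IP, fake_resolve, fake_probe))
```

Calling `diagnose(name, server_ip)` without the fake functions performs a live lookup and live connection attempts against the named host.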