Struggling with SSL VHost

         

oswald_yang

12:47 pm on Apr 20, 2010 (gmt 0)

10+ Year Member



Hi All,

I'm having trouble implementing SSL on a vhost. I've implemented it on many a server before and with no issues, but for some reason it just won't work on this one.

I've a default vhost with:

NameVirtualHost *:80
<VirtualHost *:80>


and a default SSL vhost with:

NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem


When I browse to the server address it opens the default page via https and offers me the certificate, i.e. all is well. But this vhost just won't play along:

<VirtualHost *:443>
DocumentRoot /web/example/html
ServerName example.org.za
ServerAlias www.example.org.za example.pl.example2.co.za
ErrorLog /logs/example.log/example.errors
CustomLog /logs/example.log/example.log
Alias /pics/ /web/example/pics/
Alias /cm_pics/ /web/example/cm_pics/
AddHandler server-parsed .inc
AddHandler server-parsed .htm
AddHandler server-parsed .html
AddType application/x-httpd-php .php

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key

<Directory /web/example/html>
Options Includes ExecCGI FollowSymlinks
XBitHack on
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>


This should work, but when I browse to http://example.org.za/ it initially connects to port 80 (which is fine) and when I click on a page it forces port 443 (which is fine, but currently disabled), BUT it gives me an error that says:

Secure Connection Failed
An error occurred during a connection to www.example.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)


Now I've tried SO many things and read about this on many forums but I'm not able to crack this. ANY help would be greatly appreciated... please :) If you need to see any other configs let me know.

Thanks,
Charl

[edited by: jdMorgan at 2:52 pm (utc) on Apr 20, 2010]
[edit reason] Please use example.com only. See TOS and Charter. [/edit]
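
An added example, not part of the original thread: the error quoted in the post above is what a TLS client reports when the bytes coming back on port 443 do not parse as a TLS record, and a common cause is a reply in plain HTTP. The Python below uses a hypothetical helper `classify_first_bytes` and constructed sample bytes to show how the first five bytes of an HTTP reply decode to an over-length record.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
# Upper bound on TLSCiphertext.length in RFC 5246
MAX_CIPHERTEXT_LEN = 2**14 + 2048

# Constructed samples: a plain-HTTP reply and a TLS handshake record header
HTTP_SAMPLE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
TLS_SAMPLE = bytes([22, 3, 3, 0, 90]) + b"\x00" * 90


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sent on a port expected to speak TLS."""
    if len(data) < 5:
        return "too short to classify"
    # Record header: 1-byte type, 2-byte version, 2-byte big-endian length
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and major == 3 and length <= MAX_CIPHERTEXT_LEN:
        return f"TLS record: {CONTENT_TYPES[ctype]}, {length} bytes"
    if data.startswith(b"HTTP/"):
        # "HTTP/" read as a header: type 0x48, version 0x54.0x54, length 0x502F
        return (f"plain HTTP: a TLS client reads record length {length} "
                f"(limit {MAX_CIPHERTEXT_LEN})")
    return f"not TLS: type={ctype} version={major}.{minor} length={length}"


if __name__ == "__main__":
    for name, sample in (("http", HTTP_SAMPLE), ("tls", TLS_SAMPLE)):
        print(name, "->", classify_first_bytes(sample))
```
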

jdMorgan

3:02 pm on Apr 20, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



These problems make my head hurt. I'd suggest that you remove or comment-out all directives not necessary to serve the SSL home page -- get rid of the ServerAlias and Alias directives, etc. Simplify, divide, and conquer.

Whichever vHost matches first will be served. If none match, the first vHost will be selected by default.

Note that a mod_alias setting of Deny,Allow is generally far more useful than "Allow,Deny." As an example, the former allows overriding IP-based access denials so that your custom 403-Forbidden error page and your robots.txt file can be served to unwelcome clients. This prevents server 403-403-403-500-Error looping in the first case, and prevents storms of 403-Forbidden responses in the second case, where a poorly-coded robot may interpret any response other than a valid robots.txt file as constituting carte-blanche to spider the site...

Jim

dmwaff

12:30 am on Apr 23, 2010 (gmt 0)

10+ Year Member



You can't do name-based virtual hosting with SSL because of the encryption; Apache will not know which VirtualHost container and certificate to properly use to decrypt the packets. For HTTP it is fine. ServerAlias is also just used for NameVirtualHost (HTTP), not IP-based.

NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.example.com
ServerAlias www.cname.example.com
</VirtualHost>

# You need to use IP-based.
<VirtualHost 1.2.3.4:443>
ServerName www.example.com
...
...
SSLCertificateFile /path/www.example.com.pem
SSLCertificateKeyFile /path/www.example.com.key
...
...
</VirtualHost>
<VirtualHost 5.6.7.8:443>
ServerName www1.example.com
SSLCertificateFile /path/www1.example.com.pem
SSLCertificateKeyFile /path/www1.example.com.pem
</VirtualHost>