Archive for May 18th, 2011
In my first post about Ubuntu, Apache, VirtualHosts, and SSL I covered generating self-signed certificates and implementing them for Apache VirtualHosts. What I didn’t cover was — if you implemented this without a correct base configuration — you’d end up with some unexpected results if you tried to visit your base domain over SSL.
It’s simple to resolve this. First, edit /etc/apache2/ports.conf and modify as follows:
# If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. + NameVirtualHost *:443 Listen 443
If you were reading closely, you know what to do next. Modify sites-available/default-ssl file and change the
directive as follows:
Now, restart apache:
Your base SSL domain will now display the expected DocumentRoot, but the certificate will contain the URL
localhost.localdomain. To fix this run, as root:
make-ssl-cert generate-default-snakeoil --force-overwrite
— From /usr/share/doc/apache2.2-common/README.Debian.gz
If you install the ssl-cert package, a self-signed certificate will be
automatically created using the hostname currently configured on your computer.
You can recreate that certificate (e.g. after you have changed /etc/hosts or
DNS to give the correct hostname) as user root with:
make-ssl-cert generate-default-snakeoil –force-overwrite
Questions, comments, and feedback regarding this guide and welcome!