Virtual Host with SSL [resolved]
Posted by: jeromeip (---.fbx.proxad.net)
Date: December 11, 2017 08:18PM

Hi there,

I'm trying to set up my WAMP configuration in order to access (locally) to my website in SSL.
I'm running Wamp 3.1.0 64 bits on Windows10 with Apache 2.4.27

I've followed a few web tutorials so that I've been able to install a certificate and now, my wamp server answers SSL requests with no error.

The "only" issue I have is that I'm accessing the Wamp homepage instead of my site's homepage when I use HTTPS.

My ssl_error.log displays these two warnings but, as they are just warning, I considered them not significant:
[Mon Dec 11 19:48:29.460229 2017] [ssl:warn] [pid 11808:tid 448] AH01906: kui.burk.fr:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Dec 11 19:48:29.460229 2017] [ssl:warn] [pid 11808:tid 448] AH01909: kui.burk.fr:443:0 server certificate does NOT include an ID which matches the server name

My httpd-vhosts.conf (customized through the WAMP web interface) shows:
<VirtualHost *:80>
ServerName kui.burk.fr
DocumentRoot "d:[MY DIRECTORY FOR THIS SITE]/htdocs"
<Directory "d:[MY DIRECTORY FOR THIS SITE]/htdocs/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>

I tried to add to httpd-ssl.conf these lines at the end, with no success:
<VirtualHost *:443>
ServerName kui.burk.fr
DocumentRoot "d:[MY DIRECTORY FOR THIS SITE]/htdocs"
<Directory "d:[MY DIRECTORY FOR THIS SITE]/htdocs/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>

What did I miss???

Thanks for your help.



Edited 1 time(s). Last edit at 12/11/2017 11:38PM by jeromeip.

Options: ReplyQuote
Re: Virtual Host with SSL
Posted by: Otomatic (Moderator)
Date: December 11, 2017 09:11PM

Hi,

I am not an SSL specialist, but I think if you want a VirtualHost on port 443, you have to tell Apache to listen on this port.
For internal auditing issues, it is not possible to add port 443 with Wampserver built-in tools (Right-Click -> Tools -> Add a listen port to Apache).
You have to do it manually by editing the httpd.conf file to add, under the Listen 80 lines to obtain:
#Listen 12.34.56.78:80
Listen 0.0.0.0:80
Listen [::0]:80
Listen 0.0.0.0:443
Listen [::0]:443

On the other hand, you can not have two VirtualHost with the same ServerName. Remember that if you modify a ServerName, you must postpone this new name in the hosts file and perform (By internal Wampserver tools) a DNS restart.

------------------------------------------------------------------------------------------------------------
Wampserver 3.1.3 32 bit - Apache 2.4.33 - PHP 7.2.4/7.1.16/7.0.29/5.6.35 - MySQL 5.7.22 - MariaDB 10.2.14
Wampserver 3.1.3 64 bit - Apache 2.4.33 - PHP 7.2.4/7.1.16/7.0.29/5.6.35 - MySQL 5.7.22 - MariaDB 10.2.14
PhPMyAdmin 4.8.0 - MysqlDumper 1.24.5
on W10 and W7 Pro 64 bit
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »

Options: ReplyQuote
Re: Virtual Host with SSL
Posted by: jeromeip (---.fbx.proxad.net)
Date: December 11, 2017 09:39PM

Thank you for the answer, Ottomatic.
Apache is nicely listening on the 443 port. I've double checked with a "netstat -a -o", but the evidence is that https://[my localhost site] is served... but not with the expected content (i.e. Wamp default homepage and not my site homepage).

So, where I stand, my hypothesis is that my Virtual Host definition on 443 port is not accurate... But so far I've not been able to locate a tutorial explaining how to configure this properly (curiously, all tutorials I've seen were silent on this point).

Options: ReplyQuote
Re: Virtual Host with SSL
Posted by: jeromeip (---.fbx.proxad.net)
Date: December 11, 2017 11:37PM

Allright, I finally found my mistake.
It came from a first error I interpreted wrongly... so I modified some settings and it was not the good one.

So, as a conclusion, what was missing was a proper
<Directory "blababla/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
directive in the httpd-ssl.conf.

But you somehow put me in the right direction for analysis saying "you can not have two VirtualHost with the same ServerName", Ottomatic !
Indeed, the distinction between the "http" and the "https" Server Name definitions in a ":443" appended to the name.
ServerName my.site.com in virtual host config file
and
ServerName my.site.com:443 in ssl config file

Options: ReplyQuote


Sorry, only registered users may post in this forum.