Results 1 to 5 of 5

Thread: Apache and SSL

  1. #1

    Question Apache and SSL

    Hello everyone and thank you for taking the time to read this message,

    I am running FreeBSD 4.8 and Apache 2. Could someone please explain to me or refer me to the proper documentation on how to run both SSL and non-SSL web services on the same server?

    I have successfully enabled SSL with Apache2, but the server will not accept non-SSL connections. Similarly, I have successfully managed to have Apache serve non-SSL pages without a problem. I just can't seem to figure out how to get Apache2 to serve both secure and non-secure pages for different name based virtual hosts. I've read that this is not possible with name based virtual hosting...

    So, I thought I would need to run two copies of Apache but I can't seem to get that to function either (keep getting 'PID **** already in use' messages even though I have specified different locations for the PID files).

    So, should I be running two copies of Apache? Do I need a separate IP address for the SSL-enabled web serving? How can Apache2 serve both secure and non-secure pages? How does everyone here offer their clients SSL access and normal non-SSL hosting?

    Thank you.

  2. #2
    Join Date
    Aug 2002
    Superior, CO, USA
    You're going to want to have two hosts defined in your configuration file. The SSL host will have to be on an IP address by itself as SSL cannot handle name based virtual hosting. The non-SSL host will be able to be on your "main" IP. This will all be served by one Apache server, in one configuration file.

    If you built Apache 2 with SSL support there should be a ssl.conf along with the httpd.conf. Take a look in there for some more information.

  3. #3
    Join Date
    Feb 2002
    Vestal, NY
    Some people do like to run a seperate apache daemon for SSL. One for SSL, one for non-SSL, but you do only NEED one.

  4. #4

    Now Apache2 is running SSL and non-SSL

    Okay, the answer was to point SSL to a separate IP. Now I can run everything with one daemon (my preferred method). Thanks for the advice.

    Two more questions:

    1. How can I serve both SSL and non SSL content for a single domain? For example if I have DNS point to the SSL IP for a domain, how can I also serve non-SSL content for the same domain?

    2. Can the IP I specified as SSL serve more than one name based server? I think I need another IP for each domain I intend to serve with SSL and I could specify this IP in the ssl.conf file. Or am I limited to just one SSL name based virtual server?

    Thanks for all of your help

  5. #5
    Join Date
    Feb 2002
    Vestal, NY
    A good trick would be something like this: Make the SSL vhost's home directory one level down from where you plan to store your name-based or IP-based sites. For example, if you store your sites in /www/sitename, you can make the document root for the SSL host /www, then you can access the other sites either normally or through SSL by typing This is how shared SSL hosting usually works.
    Or if you put the site content in users' home directories, you can make the SSL host's document root whatever you want and just type in to reach your other sites.
    You can install a seperate SSL certs for each IP-based site and access it through http or https as described below, but you cannot install separate certs on name-based domains (however my above tricks will work with name-based domains).

    To use both http and https on IP-based sites, you simply make vhost entries like this:


    for the SSL version of the site and then you need the directives like this:

    SSLCertificateFile /usr/share/ssl/certs/sitename.crt
    SSLCertificateKeyFile /usr/share/ssl/private/sitename.key
    SSLLogFile /var/log/sitename

    Then, you can make a 2nd VirtualHost container for the non-ssl version like this:

    ServerName sitename
    etc etc...

    Hope this helps.
    Last edited by John[H4Y]; 04-01-2004 at 07:59 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts