ssl in lslb


ulises
01-19-2009, 05:23 AM
Hi

I hope you guys can help me on this one :)

I'm running LiteSpeed Load Balancer and I'm having problems setting up 2 different listeners with SSL

What I have

2 virtual hosts -- one site on each

1 Default listener -- with the 2 VH mapped on port 80

and I have created 2 different secure listeners to run on port 443, and each listener will have its own SSL CERT; however, LiteSpeed won't let me run two listeners at the same time

I got this error :(


2009-01-19 03:03:01.003 ERROR HttpListener::start(): Can't listen at address ssl-login: Address already in use!
2009-01-19 03:03:01.003 ERROR HttpServer::addListener(ssl-login) failed to create new listener
2009-01-19 03:03:01.003 ERROR [config:server:listener:ssl-login] failed to start SSL listener on address *:443!


How can I solve this? -- I need two different sites running their own SSL CERT

mistwang
01-19-2009, 06:40 AM
You need two IPs, and create an SSL listener for each individual IP instead of "*:443".

ulises
01-19-2009, 07:06 AM
thanks for your reply

I actually thought of that and tried it, but got the same results

I have two IPs in the LB server

1.2.3.200 -- this is the main IP for the LB server eth0

1.2.3.201 -- this would be eth0:1

I assigned 1.2.3.200 to SSL listener # 1 and works

I assigned 1.2.3.201 to SSL listener # 2 but still get the same error


2009-01-19 05:01:26.168 ERROR HttpListener::start(): Can't listen at address ssl-reports: Address already in use!
2009-01-19 05:01:26.168 ERROR HttpServer::addListener(ssl-reports) failed to create new listener
2009-01-19 05:01:26.168 ERROR [config:server:listener:ssl-reports] failed to start SSL listener on address 1.2.3..201:443!


Do I need to add another IP -- so the SSL listeners won't use the main IP?

mistwang
01-19-2009, 08:38 AM
For the first listener, you have to change it from "*:443" to "1.2.3.200:443"

ulises
01-19-2009, 08:41 AM
yes, I do have it that way


Running ssl-1 1.2.3.200:443 [vh.com] www.domain1.com domain.com
Error ssl-2 1.2.3.201:443 N/A

mistwang
01-19-2009, 08:48 AM
Please PM me the login to the web console, I can take a look.

mistwang
01-19-2009, 08:50 AM
I think you need to stop it from the command line, then start it again.
Do not use "restart" from the command line or web console.
Make sure the second IP does exist.

ulises
01-19-2009, 08:57 AM
restarting from command line did it

thx man.

ulises
01-19-2009, 09:03 AM
now I have some other strange problem

site-1 is working OK... however, site-2 seems to be reading site-1's cert file even though the path is correct: $SERVER_ROOT/ssl/site-2.crt

I have no errors nor warnings

any ideas?

mistwang
01-19-2009, 09:06 AM
Make sure site-1.crt and site-2.crt are not identical.

ulises
01-19-2009, 09:20 AM
they are not :(

mistwang
01-19-2009, 09:26 AM
Make the login work, and I can take a look.

ulises
01-19-2009, 10:23 AM
pls try now

mistwang
01-19-2009, 10:49 AM
The problem is your DNS record. Both domains point to .200.

ulises
01-19-2009, 10:51 AM
OK thx, I'll change the site-2 IP to match .201

thx for your time
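
The two failures diagnosed in this thread (a "*:443" listener colliding with another listener on port 443, and both domains resolving to the IP of one listener so that site-2 receives site-1's certificate) can be checked before a reload. The following is an added example, not part of the original posts and not LiteSpeed code; the data layout, function names and the www.domain2.com name are assumptions made for illustration.

```python
# Added example: lint an IP-based SSL listener layout (no SNI) against DNS.
# All names, addresses and the data layout below are constructed for illustration.
from collections import defaultdict

def bind_conflicts(listeners):
    """Return pairs of listener names that cannot both bind.

    Two listeners collide on a port if they use the same IP, or if either
    one is the wildcard '*', which claims that port on every local IP.
    """
    by_port = defaultdict(list)
    for name, cfg in listeners.items():
        ip, port = cfg["address"].rsplit(":", 1)
        by_port[port].append((name, ip))
    conflicts = []
    for entries in by_port.values():
        for i, (a, ip_a) in enumerate(entries):
            for b, ip_b in entries[i + 1:]:
                if ip_a == ip_b or "*" in (ip_a, ip_b):
                    conflicts.append((a, b))
    return conflicts

def cert_mismatches(listeners, dns, port="443"):
    """Return (domain, resolved_ip, serving_listener, intended_listener) for
    domains whose DNS record lands on another site's listener, and which
    therefore receive that site's certificate."""
    by_ip = {cfg["address"].rsplit(":", 1)[0]: name
             for name, cfg in listeners.items()
             if cfg["address"].endswith(":" + port)}
    owner = {d: name for name, cfg in listeners.items() for d in cfg["domains"]}
    problems = []
    for domain, ip in dns.items():
        serving = by_ip.get(ip, by_ip.get("*"))
        if serving != owner.get(domain):
            problems.append((domain, ip, serving, owner.get(domain)))
    return problems

# Constructed sample data mirroring the thread's layout.
WILDCARD = {"ssl-1": {"address": "*:443", "domains": ["www.domain1.com"]},
            "ssl-2": {"address": "*:443", "domains": ["www.domain2.com"]}}
PER_IP = {"ssl-1": {"address": "1.2.3.200:443", "domains": ["www.domain1.com"]},
          "ssl-2": {"address": "1.2.3.201:443", "domains": ["www.domain2.com"]}}
DNS_BAD = {"www.domain1.com": "1.2.3.200", "www.domain2.com": "1.2.3.200"}
DNS_OK = {"www.domain1.com": "1.2.3.200", "www.domain2.com": "1.2.3.201"}

if __name__ == "__main__":
    print(bind_conflicts(WILDCARD))
    print(cert_mismatches(PER_IP, DNS_BAD))
```

In practice the DNS mapping would be filled from live lookups of each domain instead of a hand-written dictionary.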