Greetings, Here is an example apache httpd.conf fragment which gets apache + ssl + zope to all play nicely together. If someone has a nicer way of doing this, chime in. The bonus in these instructions is that I also got the management interface to come up via ssl. I really struggled getting the RewriteRules to work right. These instructions worked for me using apache 2.0.20 and zope 2.6.1. Prerequisites ============= apache + mod_ssl are installed and functioning correctly. www.example.com and manage.example.com have the same ip address. zope runs on www.example.com port 8080. zope has a Virtual Host Monster object in the root folder. zope has a folder named "example" in the root folder. Warnings ======== - Understand SSL, and get your certificates and options right for your needs. - Verify that no important plaintext is transmitted. - Restrict remote access to port 8080 or else folks will be able to connect to the zope management interface remotely without using SSL. - Your mileage may vary. Usage and Indications ====================== - http://www.example.com serves content from zope's "example" folder. - https://www.example.com serves content from zope's "example" folder, via SSL. - http://www.example.com/manage is forbidden. - https://www.example.com/manage is forbidden. - https://manage.example.com/ brings up the "Zope Quick Start" page. - https://manage.example.com/manage brings up an authentication dialog box for the zope management interface. httpd.conf - virtual hosts section ========== NameVirtualHost * NameVirtualHost *:443 # NON-SSL EXAMPLE.COM SERVING CONTENT FROM THE "EXAMPLE" FOLDER # MANAGE INTERFACE FORBIDDEN <VirtualHost *> ServerName www.example.com RewriteEngine on RewriteCond %{REQUEST_URI} manage RewriteRule manage - [F] RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/www.example.com:80/example/Virtua... [P,L] </VirtualHost> # SSL EXAMPLE.COM SERVING CONTENT FROM THE "EXAMPLE" FOLDER # MANAGE INTERFACE FORBIDDEN <VirtualHost *:443> ServerName www.example.com # SSL SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 # REWRITE RewriteEngine on RewriteCond %{REQUEST_URI} manage RewriteRule manage - [F] RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/www.example.com:443/example/Virt... [P,L] </VirtualHost> # MANAGEMENT INTERFACE VIA SSL <VirtualHost *:443> ServerName manage.example.com # SSL SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 # REWRITE RewriteEngine on RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/manage.example.com:443/VirtualHo... [P,L] </VirtualHost> -- Ricardo Anguiano http://www.codesourcery.com