Re: wrong certs


 



This is not a bug but an SNI feature (http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI).
Check if you have not defined
  NameVirtualHost *:424
  NameVirtualHost *:444
Jan.



Try your same config but use A for the ServerName in both VirtualHost sections.  Based on what I've seen, you should then get 1.crt from either port, and never get 2.crt, which seems like a bug.


On Wed, Oct 23, 2013 at 3:14 AM, Jan Vávra <vavra@xxxxxx> wrote:
Hello,
 it is obvious you are using port-based virtual hosts. My question was to make sure you have configured the basics well.
 So I suppose you have:


Listen *:424 https
<VirtualHost *:424>
ServerName A
SSLCertificateFile 1.crt
SSLCertificateKeyFile 1.key

#and probably also
SSLCertificateChainFile chain.crt

</VirtualHost>


I have made a test and it works fine.
I do not use wildcards, I directly specify the IP address.

Listen 424 https
Listen 444 https
<VirtualHost 192.168.1.211:424>
 ServerName A
 SSLCertificateFile 1.crt
 SSLCertificateKeyFile 1.key
</VirtualHost>

<VirtualHost 192.168.1.211:444>
 ServerName B
 SSLCertificateFile 2.crt
 SSLCertificateKeyFile 2.key
</VirtualHost>

and in my hosts file there are records
192.168.1.211 A
192.168.1.211 B

Try to call httpd -S. In my case it shows
VirtualHost configuration:
....
192.168.1.211:424      A (1.conf)
192.168.1.211:444      B (2.conf)

For A and B I use some real names eg. www.mycompany1.cz, www.mycompany2.cz.

Do you even know about name-based virtual HTTPS hosts?
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Most clients support this and I use it in production.

Jan

The certificates are specified in port based virtual hosts, there is no NameVirtualHost here.  So I would expect the specified certificate to be served on the corresponding port no matter what host header was passed.


On Tue, Oct 22, 2013 at 4:50 PM, Jan Vávra <vavra@xxxxxx> wrote:
Hello.
 Are you sure you have not forgotten to specify the SSLCertificateKeyFile option?
 What is the URL you are using?
 If you use https://localhost:424 instead of https://a:424, you can get weird results.

 I can also try it, if your problem persists. My last several years have been full of creating and using certificates ;-)

 Jan.


If two virtual hosts on different ports specify different certificate files, but use the same ServerName, both ports use the same certificate.  Is this expected behavior?


With this config:

Listen *:424 https
<VirtualHost *:424>
ServerName A
SSLCertificateFile 1.crt
</VirtualHost>

Listen *:444 https
<VirtualHost *:444>
ServerName A
SSLCertificateFile 2.crt
</VirtualHost>

connecting to either 424 or 444, I get cert 1.

With this config:

Listen *:424 https
<VirtualHost *:424>
ServerName A
SSLCertificateFile 1.crt
</VirtualHost>

Listen *:444 https
<VirtualHost *:444>
ServerName B
SSLCertificateFile 2.crt
</VirtualHost>

connecting to 424 gets me cert 1, and connecting to 444 gets me cert 2.
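
The two conditions raised in this thread (a certificate with no SSLCertificateKeyFile, and one ServerName reused on several ports with different certificates) can be checked in the configuration before a restart. The Python below is an added example, not part of the thread or of Apache; parse_vhosts, audit and the finding labels are hypothetical names, and it assumes a flat configuration with no Include directives.

```python
import re

# Constructed sample: the first configuration quoted in the thread above.
SAMPLE_CONF = """\
Listen *:424 https
<VirtualHost *:424>
ServerName A
SSLCertificateFile 1.crt
</VirtualHost>
Listen *:444 https
<VirtualHost *:444>
ServerName A
SSLCertificateFile 2.crt
</VirtualHost>
"""

FIELDS = {"servername": "name", "sslcertificatefile": "cert", "sslcertificatekeyfile": "key"}

def parse_vhosts(conf_text):
    """Return one record per <VirtualHost> block (address, name, cert, key)."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "name": None, "cert": None, "key": None}
        elif line.lower().startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and not line.startswith("#"):
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() in FIELDS:
                current[FIELDS[parts[0].lower()]] = parts[1].strip()
    return vhosts

def audit(conf_text):
    """Flag the two conditions discussed in the thread (hypothetical helper)."""
    findings, by_name = [], {}
    for vh in parse_vhosts(conf_text):
        # Acceptable only if the private key is stored inside the certificate file.
        if vh["cert"] and not vh["key"]:
            findings.append(("no-keyfile", vh["addr"]))
        if vh["name"] and vh["cert"]:
            by_name.setdefault(vh["name"].lower(), []).append(vh)
    for name, group in by_name.items():
        # Same ServerName with different certificates: the case reported above.
        if len({vh["cert"] for vh in group}) > 1:
            findings.append(("shared-servername", name, sorted(v["addr"] for v in group)))
    return findings
```

audit(SAMPLE_CONF) reports both ports as lacking a key file and flags ServerName A as shared between *:424 and *:444; httpd -S, as suggested earlier in the thread, shows how the server itself resolved the virtual hosts.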



