Hello All,
I want to configure Apache for this use case:
We have more than one virtual host with different hostnames. I use a name-based virtual hosting configuration for these hosts.
And I want to give each host 2 ports for HTTPS services. One is for the outside service, the other is for the internal service.
It's possible that we use different SSL keys and certs for the internal and outside HTTPS configurations. And clients do check the validity of SSL certificates. So I did a simple test of this configuration.
However, in my test case, I find Apache always gives the client the certificate from the first VirtualHost configuration.
My test environment is RHEL6.4, Apache2
My test configuration is like this:
NameVirtualHost and Listen statements are inserted in the ssl.conf file.
--------------------------------------------------------
--------------------------------------------------------
And I created a new file ssldemo.conf in conf.d
--------------------------------------------------------------------
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
DocumentRoot /var/www/html
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ErrorLog logs/demo_error_log
TransferLog logs/demo_access_log
LogLevel debug
</VirtualHost>
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/sslcert.pem
SSLCertificateKeyFile /etc/httpd/ssl/sslkey.pem
DocumentRoot /var/www/html
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ErrorLog logs/demo_error_log
TransferLog logs/demo_access_log
LogLevel debug
</VirtualHost>
--------------------------------------------------------------------------------
When I connect to the Apache server using the URL
https://site1.test.com, I get the cert of /etc/pki/tls/certs/localhost.crt.
It seems the Apache server doesn't support this kind of usage, does it?
Best Regards,
Jason
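
An added example, not part of the original post: a small Python check that reads an httpd configuration and reports every SSL virtual host whose certificate differs from the first virtual host on the same address:port, which is the certificate Apache presents when the client sends no SNI name. The `<VirtualHost>` lines, the ports 443/8443 and `site2.test.com` are assumptions, because those lines are missing from the post; the certificate paths are the ones quoted above.

```python
# Constructed sample: the <VirtualHost> lines, ports and site2 are assumptions
# (they are missing from the post); the certificate paths are the post's.
SAMPLE_CONF = """\
<VirtualHost *:443>
ServerName site1.test.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
<VirtualHost *:8443>
ServerName site1.test.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/sslcert.pem
</VirtualHost>
<VirtualHost *:443>
ServerName site2.test.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/sslcert.pem
</VirtualHost>
"""

def parse_ssl_vhosts(conf):
    """Return vhosts that set a certificate, in file order (addr, name, cert)."""
    vhosts, cur = [], None
    for line in (l.strip() for l in conf.splitlines()):
        if line.lower().startswith("<virtualhost"):
            parts = line.strip("<>").split()
            cur = {"addr": parts[1] if len(parts) > 1 else "", "name": None, "cert": None}
        elif line.lower() == "</virtualhost>":
            if cur and cur["cert"]:      # a close tag with no open tag is skipped
                vhosts.append(cur)
            cur = None
        elif cur is not None:            # directives outside a vhost are ignored
            key, _, val = line.partition(" ")
            if key.lower() == "servername":
                cur["name"] = val.strip()
            elif key.lower() == "sslcertificatefile":
                cur["cert"] = val.strip()
    return vhosts

def audit_default_certs(conf):
    """Flag vhosts whose cert differs from the first vhost on the same addr:port."""
    first, findings = {}, []
    for v in parse_ssl_vhosts(conf):
        default = first.setdefault(v["addr"], v)   # first vhost seen is the default
        if v["cert"] != default["cert"]:
            findings.append((v["addr"], v["name"], v["cert"], default["cert"]))
    return findings

if __name__ == "__main__":
    for addr, name, cert, fallback in audit_default_certs(SAMPLE_CONF):
        print(f"{addr} {name}: configured {cert}, non-SNI clients get {fallback}")
```

Virtual hosts on different ports never share a default, so only hosts that share one address:port are reported.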