On Wed, Feb 19, 2014 at 3:40 AM, Jason Ni <jason.ni.py@xxxxxxxxx> wrote:
> Hello All,
>
> I want to configure Apache for this use case:
>
> We have more than one virtual host with different hostnames. I use a
> name-based virtual hosting configuration for these hosts.
>
> And I want to give each host 2 ports for HTTPS services. One is for outside
> service, the other is for internal service.
>
> It's possible that we use different SSL keys and certs for internal and
> outside HTTPS configurations. And clients do check validation of SSL
> certificates. So I did a simple test of this configuration.
>
> However, in my test case, I find Apache always gives the client the
> certificate from the first VirtualHost configuration.
>
> My test environment is RHEL6.4, Apache2
>
> My test configuration is like this:
>
> NameVirtualHost and Listen statements are inserted in the ssl.conf file.
> --------------------------------------------------------
> NameVirtualHost 192.168.33.10:443
> NameVirtualHost 192.168.33.10:8443
> Listen 443
> Listen 8443
> --------------------------------------------------------
>
> And I created a new file ssldemo.conf in conf.d
> --------------------------------------------------------------------
> <VirtualHost 192.168.33.10:8443>
>     ServerName site1.test.com
>     SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> </VirtualHost>
> <VirtualHost 192.168.33.10:443>
>     ServerName site1.test.com
>     SSLCertificateFile /etc/httpd/ssl/sslcert.pem
> </VirtualHost>
>
> When I connect to the Apache server using the URL https://site1.test.com,
> I get the cert of /etc/pki/tls/certs/localhost.crt.
> Seems Apache server doesn't support this kind of usage, does it?

No, Apache selects the best interface:port match first, then selects
name-based vhosts and SNI from things that match the set of selected
interface:port.
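The selection order described in the reply, modelled as an added example (not Apache's code and not part of the original thread). It is a simplified model: ServerAlias, IPv6 and `_default_` handling are left out, and the `site2.test.com` and wildcard vhosts with their certificate paths are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VHost:
    addr: str          # IP from <VirtualHost addr:port>, or "*" for a wildcard
    port: int
    server_name: str   # ServerName
    cert: str          # SSLCertificateFile

# The first two entries are the vhosts from the post; the last two are
# constructed (hypothetical names and placeholder certificate paths).
VHOSTS = [
    VHost("192.168.33.10", 8443, "site1.test.com", "/etc/pki/tls/certs/localhost.crt"),
    VHost("192.168.33.10", 443, "site1.test.com", "/etc/httpd/ssl/sslcert.pem"),
    VHost("192.168.33.10", 443, "site2.test.com", "/example/site2.pem"),
    VHost("*", 443, "fallback.test.com", "/example/fallback.pem"),
]

def select_vhost(vhosts, local_ip: str, local_port: int, sni: Optional[str]):
    """Return the vhost whose certificate would be presented, or None."""
    # Step 1: best interface:port match. An exact IP beats a wildcard.
    same_port = [v for v in vhosts if v.port == local_port]
    candidates = [v for v in same_port if v.addr == local_ip]
    if not candidates:
        candidates = [v for v in same_port if v.addr == "*"]
    if not candidates:
        return None
    # Step 2: name-based selection, only inside that candidate set.
    if sni is not None:
        for v in candidates:
            if v.server_name.lower() == sni.lower():
                return v
    # No SNI, or no name matched: the first listed candidate is the default.
    return candidates[0]

def served_cert(local_port: int, sni: Optional[str], local_ip: str = "192.168.33.10"):
    v = select_vhost(VHOSTS, local_ip, local_port, sni)
    return v.cert if v else None

if __name__ == "__main__":
    for port, name in [(443, "site1.test.com"), (8443, "site1.test.com"),
                       (443, None), (8443, "site2.test.com")]:
        print(port, name, "->", served_cert(port, name))
```

In this model the same ServerName on two ports resolves to two different certificates, and a name that exists only on port 443 is never considered for a connection that arrived on 8443.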