Re: A corner case of Apache SSL SNI usage

Thanks Eric. I guess multiple Apache instances can handle this case.


2014-02-19 19:48 GMT+08:00 Eric Covener <covener@xxxxxxxxx>:
On Wed, Feb 19, 2014 at 3:40 AM, Jason Ni <jason.ni.py@xxxxxxxxx> wrote:
> Hello All,
>
> I want to configure Apache for this use case:
>
> We have more than one virtual host with different hostnames. I use name
> based virtual hosting configuration for these hosts.
>
> And I want to give each host 2 ports for HTTPS services. One is for outside
> service, the other is for internal service.
>
> It's possible that we use different SSL keys and certs for the internal and
> outside HTTPS configurations. And clients do check the validity of SSL
> certificates. So I did a simple test of this configuration.
>
> However, in my test case, I find Apache always gives client the certificate
> from the first VirtualHost configuration.
>
> My test environment is RHEL6.4, Apache2
>
> My test configuration is like this:
>
> NameVirtualHost and Listen statements are inserted in the ssl.conf file.
> --------------------------------------------------------
> NameVirtualHost 192.168.33.10:443
> NameVirtualHost 192.168.33.10:8443
> Listen 443
> Listen 8443
> --------------------------------------------------------
>
> And I created a new file ssldemo.conf in conf.d
> --------------------------------------------------------------------
> <VirtualHost 192.168.33.10:8443>
>     ServerName site1.test.com
>     # SSLEngine on is required for TLS on this vhost
>     SSLEngine on
>     SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> </VirtualHost>
> <VirtualHost 192.168.33.10:443>
>     ServerName site1.test.com
>     SSLEngine on
>     SSLCertificateFile /etc/httpd/ssl/sslcert.pem
> </VirtualHost>

>
> When I connect to the Apache server using the URL https://site1.test.com, I get the
> cert from /etc/pki/tls/certs/localhost.crt.
> It seems the Apache server doesn't support this kind of usage, does it?

No, Apache selects the best interface:port match first, then selects
name-based vhosts and SNI from things that match the set of selected
interface:port.

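As an added example (not code from this thread or from Apache itself), here is a small Python model of the selection order Eric describes: a vhost is first chosen by the best interface:port match, and only then is SNI (or the Host header) used to pick among the vhosts that share that interface:port; a vhost on :443 is never a candidate for a connection accepted on :8443, whatever name the client sends. The two site1 vhosts and cert paths mirror the quoted config; the site2 vhosts, their cert paths and the ranking numbers are constructed for illustration and simplify Apache's real matching rules.

```python
"""Simplified model of Apache's VirtualHost selection for a TLS connection.

Added example, not Apache source. Order of operations:
  1. keep the vhosts that can serve the accepted interface:port, ranked so an
     exact IP:port entry beats IP:* which beats _default_/*:port;
  2. among the best-ranked ones (in configuration order), pick the first whose
     ServerName/ServerAlias matches the SNI name;
  3. with no SNI, or no matching name, fall back to the first-listed vhost for
     that address, which is Apache's default for the address.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class VHost:
    addr: str                 # "192.168.33.10", or "_default_" / "*" for any address
    port: int                 # 443, 8443, or 0 meaning "*"
    server_name: str
    cert_file: str
    aliases: List[str] = field(default_factory=list)

    def matches_name(self, name: str) -> bool:
        names = [self.server_name] + self.aliases
        return name.lower() in (n.lower() for n in names)


def _addr_rank(vh: VHost, dst_ip: str, dst_port: int) -> Optional[int]:
    """Rank how well a vhost's address spec matches the accepted socket.

    Higher is better; None means the vhost cannot serve this socket at all.
    (Assumed simplification of Apache's matching rules.)
    """
    if vh.port not in (0, dst_port):
        return None                      # wrong port: never a candidate
    if vh.addr == dst_ip:
        return 3 if vh.port == dst_port else 2
    if vh.addr in ("_default_", "*"):
        return 1 if vh.port == dst_port else 0
    return None


def select_vhost(vhosts: List[VHost], dst_ip: str, dst_port: int,
                 sni: Optional[str] = None) -> Optional[VHost]:
    """Return the vhost Apache would serve for a connection to dst_ip:dst_port."""
    ranked = [(_addr_rank(vh, dst_ip, dst_port), vh) for vh in vhosts]
    ranked = [(r, vh) for r, vh in ranked if r is not None]
    if not ranked:
        return None
    best = max(r for r, _ in ranked)
    # Configuration order is preserved: the first entry is the address default.
    candidates = [vh for r, vh in ranked if r == best]
    if sni:
        for vh in candidates:
            if vh.matches_name(sni):
                return vh
    return candidates[0]


# Constructed config. The site1 entries mirror the thread; site2 is assumed.
CONF = [
    VHost("192.168.33.10", 8443, "site1.test.com", "/etc/pki/tls/certs/localhost.crt"),
    VHost("192.168.33.10", 8443, "site2.test.com", "/etc/httpd/ssl/site2-internal.pem"),
    VHost("192.168.33.10", 443,  "site1.test.com", "/etc/httpd/ssl/sslcert.pem"),
    VHost("192.168.33.10", 443,  "site2.test.com", "/etc/httpd/ssl/site2-external.pem"),
]


def served_cert(dst_port: int, sni: Optional[str]) -> Optional[str]:
    """Certificate file a client hitting 192.168.33.10:dst_port would be shown."""
    vh = select_vhost(CONF, "192.168.33.10", dst_port, sni)
    return vh.cert_file if vh else None


if __name__ == "__main__":
    for port, name in [(443, "site1.test.com"), (8443, "site1.test.com"),
                       (443, "site2.test.com"), (443, None), (443, "nosuch.test.com")]:
        print(f"port {port:<5} sni={name!s:<16} -> {served_cert(port, name)}")
```

Two things the model makes visible: a client that sends no SNI (or an unknown name) is handed the first-listed vhost for that interface:port, so list the vhost whose certificate you want legacy clients to see first; and to verify what a real server hands out, test each port with an explicit name, for example `openssl s_client -connect 192.168.33.10:443 -servername site1.test.com </dev/null | openssl x509 -noout -subject`, repeating with `:8443`.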
