On 12.03.2015 15:51, Quentin CHARRAUT wrote:
> Hi all,
>
> I really need help to understand what I'm doing wrong and how to solve my problems.
> Let me first explain the situation.
>
> We have an Apache webserver (Linux), in front of a Jboss application server which hosts many different applications.
> Apache is configured to redirect clients based on virtual host definitions (depends on client URLs). Note that all applications are available with a URL like https://x.example.com, where x is the client name.
> We also own a valid SSL wildcard certificate for *.example.com installed on the Apache server and mod_ssl enabled.
>
> Actually, all the configuration is correct for defined virtual hosts: for example, when the client toto tries to access his application, he uses the URL toto.example.com and Apache sees that the corresponding virtual host exists.
> For non-defined virtual hosts, for example, if the client tata tries to access his application, the default virtual host (*.example.com) handles the request correctly and makes some redirection.
>
> Now, for development reasons, we decided to "reproduce" the production environment. We decided to simulate clients with URLs like https://x.dev.example.com. So we bought the associated wildcard certificate (*.dev.example.com) and installed it on the same Apache server.
>
> Now, here come the issues.
> First, I added a virtual host for *.dev.example.com placed after the vhost *.example.com, and when I tried to access https://titi.dev.example.com with a browser, it gives a "ssl_error_bad_cert_domain" error. Note that there are no errors if I define a specific vhost for titi.dev.example.com but it's not sufficient for our needs.
> Then, I made a test by putting the *.dev.example vhost before *.example.com, and then the URL https://titi.dev.example.com is available without certificate errors. But now, the https://toto.example.com URL gives me a "ssl_error_bad_cert_domain" error.
>
> My question is, how can I have both *.example.com and *.rc.example.com vhosts working together without any bad certificate errors?
> Maybe I missed something? Or maybe it's not possible?

The wildcard only works on one level, so you'll need two certificates for this: one for *.example.com and one for *.rc.example.com.

Regards,
Dennis
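
The one-level rule from the reply above, as an added example that is not part of the original thread: a small matcher that checks which certificate name covers which host, using the host names from the question. The function names are hypothetical and the sample names are constructed from the thread.

```python
# Added illustration: one-level wildcard matching as described in the reply.
# Host names are the ones used in the thread; helper names are hypothetical.


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, host):
    """Return True if a certificate name (pattern) covers host.

    Only a wildcard that is the whole left-most label is honoured, and it
    stands for exactly one label, never for several and never for none.
    """
    p, h = _labels(pattern), _labels(host)
    # Different label counts can never match; reject malformed host names.
    if len(p) != len(h) or "" in h or "*" in h:
        return False
    if p[0] == "*":
        # The wildcard replaces the first label; the rest must be identical.
        return p[1:] == h[1:]
    return p == h


def covering_names(host, cert_names):
    """List the certificate names that are valid for host."""
    return [n for n in cert_names if name_matches(n, host)]


if __name__ == "__main__":
    certs = ["*.example.com", "*.dev.example.com"]
    for host in ("toto.example.com", "titi.dev.example.com",
                 "example.com", "a.b.dev.example.com"):
        print(f"{host:24} -> {covering_names(host, certs) or 'no match'}")
```

Each host is covered by exactly one of the two certificates, so a name mismatch error follows whenever the server presents the other one.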