You need to set the cert files per virtual domain.

Example:

<VirtualHost *:443>
    ServerName underconstruction.scom.ca
    ServerAlias underconstruction.scom.ca
    DocumentRoot /www/underconstruction.scom.ca
    SSLEngine on
    SSLProtocol all
    SSLCertificateKeyFile /www/scom.ca/ssl/scom.ca.key
    SSLCertificateFile /www/scom.ca/ssl/scom.ca.crt
    SSLCertificateChainFile /www/scom.ca/ssl/scom.ca.chain
</VirtualHost>

<VirtualHost *:443>
    ServerName ekst.ca
    ServerAlias ekst.ca
    ServerAlias www.ekst.ca
    DocumentRoot /www/ekst.ca
    SSLEngine on
    SSLProtocol all
    SSLCertificateFile /www/ekst.ca/ssl/ekst.ca.crt
    SSLCertificateKeyFile /www/ekst.ca/ssl/ekst.ca.key
    SSLCertificateChainFile /www/ekst.ca/ssl/ekst.ca.chain
</VirtualHost>

Happy Wednesday !!!
Thanks - paul

Paul Kudla
Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3
Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266

On 5/18/2022 5:26 PM, frank picabia wrote:
Sorry, different domain. 300 hosts like *.example1.com and now we have 1 example2.com

On Wed, May 18, 2022 at 4:31 PM Frank Gingras <thumbs@xxxxxxxxxx> wrote:

See if you can add a SAN to that wildcard certificate first.

On Wed, 18 May 2022 at 15:21, frank picabia <fpicabia@xxxxxxxxx> wrote:

We have a server with over 300 vhosts on it. Marketing/CMS madness I guess. All on the same domain name.

Many VirtualHosts are defined with *:443 and then ServerName to rely on SNI. We have a wildcard cert for the domain and all the hosts use that.

Now there is a different domain to add for SSL. For some reason the first domain name's certificate is being found. I've put the IP for our newcomer domain so we have <VirtualHost 1.1.1.1:443> but it is still finding the other cert. This IP is uniquely assigned with the different domain, as you'd expect with DNS. So it can't be an overlap of the IP used elsewhere.

Researching this problem ("wrong cert loaded for vhost"), I read that in the initial SSL connection, it is talking to the IP, and whatever values we have for ServerName have no bearing until the page is being accessed. If that's the case then it might have matched another vhost with *:443 first.

I tried putting my new domain at the top of ssl.conf but it made no difference.

I'm thinking I need to edit each *:443 case and change it to the appropriate IP. That will be a lot of work, so I'm looking for affirmation that is likely to make the difference.
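An added example, not part of the thread: a small audit that lists every name in an Apache SSL config whose vhost either has no SSLCertificateFile of its own or points at a certificate that cannot match the name. The sample config, the SAN lists (assumed to have been read from each certificate beforehand) and all function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): two name-based vhosts on *:443.
SAMPLE_CONF = """
<VirtualHost *:443>
  ServerName www.example1.com
  SSLEngine on
  SSLCertificateFile /etc/ssl/example1.com.crt
</VirtualHost>
<VirtualHost *:443>
  ServerName example2.com
  ServerAlias www.example2.com
  SSLEngine on
</VirtualHost>
"""
# Constructed SAN lists, as if read from each certificate file beforehand.
SAMPLE_SANS = {"/etc/ssl/example1.com.crt": ["*.example1.com", "example1.com"]}

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: address, names, cert file."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost\s+([^>]+?)\s*>(.*?)</VirtualHost>", conf, re.S | re.I)
    for addr, body in blocks:
        names = []
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names += m.group(1).split()
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        vhosts.append({"addr": addr, "names": sorted({n.lower() for n in names}),
                       "cert": cert.group(1) if cert else None})
    return vhosts

def covers(pattern, host):
    """Simplified certificate name match: '*' stands for exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit(conf, sans_by_cert):
    """List (name, problem) pairs for names whose vhost certificate cannot match them."""
    findings = []
    for vh in parse_vhosts(conf):
        for name in vh["names"]:
            if vh["cert"] is None:
                findings.append((name, "no SSLCertificateFile in vhost"))
            elif not any(covers(s, name) for s in sans_by_cert.get(vh["cert"], [])):
                findings.append((name, "not covered by " + vh["cert"]))
    return findings
```

Running `audit(SAMPLE_CONF, SAMPLE_SANS)` reports both example2.com names, while the www.example1.com vhost passes because the wildcard entry covers it.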