Hi, I am running Apache 2. I am quite familiar with 1 and 2, but I am having a odd problem with the Virtual Hosts on my Apache 2 server. All of the domains run off of a single domain. Here is what is baffling me. I have 3 virt host records in ssl.conf. When accessing any of the domains through http, they all display fine. One of the 3 domains has always had a cert, and it worked. However, the other two recently needed SSL as well. I am using basically an unedited version of ssl.conf, a side from the modifications of the virtual host directives. The odd part is, when I access the domains with https://, it pulls the proper file, so it using the correct doc root for each directive, however, it throws a SSL cert warning that the cert name doesn't match the domain name. Upon viewing it, it is saying the name is the cert from the first SSL virt host directive. This is quite reminiscent of when a domain not configed properly in apache will default to the first entry that uses the same IP the FQND is assigned to. So what is so baffling to me is when accessing the domain via https:// it does pull up the proper website, but Apache looks like it is defaulting to the key/crt pair of the first entry. I've viewed each key/cert to make sure somehow an exact copy wasn't overwritten another. They are all unique. Please let me know what the problem is here. I have never experienced this under Apache1.3. Below is the ssl.conf (I've only edited the file names and IP ever so slightly. I 100% assure you there were no typos that would concern us as to what the real file names were). The certs are from freessl.com 's RapidSSL. I have mentioned 3 domains, but I scrapped the directive for the third one until I can get it working with just 2. ssl.conf ------------------------------------- SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 <IfDefine SSL> # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two # Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" # Listen 443 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache none #SSLSessionCache shmht:/usr/local/httpd/logs/ssl_scache(512000) #SSLSessionCache shmcb:/usr/local/httpd/logs/ssl_scache(512000) SSLSessionCache dbm:/usr/local/httpd/logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:/usr/local/httpd/logs/ssl_mutex ## ## SSL Virtual Host Context ## NameVirtualHost 67.15.107.000:443 <VirtualHost 67.15.107.000:443> DocumentRoot "/www/cftb.com" ServerName www.cftb.com:443 ServerAdmin admin@xxxxxxxx ErrorLog /usr/local/httpd/logs/error_log TransferLog /usr/local/httpd/logs/access_log SSLEngine On SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/httpd/conf/ssl.crt/cftb.com.crt SSLCertificateKeyFile /usr/local/httpd/conf/ssl.key/cftb.com.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/usr/local/httpd/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/local/httpd/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> <VirtualHost 67.15.107.000:443> DocumentRoot "/www/50b.com" ServerName www.50b.com:443 ServerAdmin admin@xxxxxxx ErrorLog /usr/local/httpd/logs/error_log TransferLog /usr/local/httpd/logs/access_log SSLEngine On SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/httpd/conf/ssl.crt/50b.com.crt SSLCertificateKeyFile /usr/local/httpd/conf/ssl.key/50b.com.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/usr/local/httpd/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/local/httpd/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> </IfDefine> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx