The same server certificate is presented by both sites and the CN does not match any of the FQDN. Therefore you get a security warning on both URLs. That's what's wrong. The requests will always be served by the first (default) NVH which IP address/port matches the VirtualHost definition regardless of ServerName. Therefore, the certificate presented to the client will always be the one defined by CertificatePath or CertificateFile in that particular virtual host. If you define different log files for each of your named virtual hosts, you will be able to see that for yourself. -ascs -----Original Message----- From: Steffen Ronalter [mailto:steffen@xxxxxxxxxxx] Sent: Wednesday, January 04, 2006 5:30 PM To: users@xxxxxxxxxxxxxxxx Subject: [users@httpd] More than one name-based vhost with SSL Hi! First: I've read the docs and now I know that it can't work. But my setup seems to work: check it out! https://ronalter.de https://grundfunk.de both are on the same machine with only one IP address. What's the fault in my thought? My config: ---------------------------------------------------------------- NameVirtualHost *:443 <VirtualHost *:443> ServerName grundfunk.de ServerName grundfunk.de ServerAlias www.grundfunk.de DocumentRoot /var/www/grundfunk SSLEngine on SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP </VirtualHost> <VirtualHost *:443> ServerName ronalter.de ServerAlias www.ronalter.de ServerAdmin webmaster@xxxxxxxxxxx DocumentRoot /var/www/ronalter SSLEngine on SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP </VirtualHost> ---------------------------------------------------------------- Thanks for your help! Steffen. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|