---- Laszlo Nagy <gandalf@xxxxxxxxxxxxxxxxxx> wrote: > > Hello All, > > I have a little problem with my Apache. Here is the software version: > > #apachectl -v > Server version: Apache/2.0.59 > Server built: Oct 4 2006 08:32:33 > #uname -a > FreeBSD designaproduct.biz 6.1-RELEASE-p6 FreeBSD 6.1-RELEASE-p6 #2: Thu > Sep 7 07:13:22 EDT 2006 > gandalf@xxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/DESIGNAPRODUCT i386 > > > Here are some important lines from my httpd.conf: > > Listen 80 > Listen 443 > Listen 444 > > This is from ssl.conf (included from httpd.conf): > > SSLCertificateFile /usr/local/certs/designaproduct_biz.crt > SSLCertificateKeyFile /usr/local/certs/designaproduct_biz.key.pem > SSLCACertificateFile /usr/local/certs/DigiCertCA.crt > > I need to serve many domains (designasign.biz, designateeshirt.biz, > shopzeus.com, mess.hu etc.) I only have one IP address, so I'm using > name based virtual hosts. However, I also need to do secure payments on > two sites. I did a trick: > > > <VirtualHost *:444> > ServerName designasign.biz > ServerAlias www.designasign.biz > DocumentRoot /www/designasign.biz/ > SSLEngine On > <Location /> > Order Allow,Deny > Allow from All > Options Indexes > AllowOverride None > </Location> > </VirtualHost> > > <VirtualHost *:443> > ServerName shopzeus.com > ServerAlias www.shopzeus.com > DocumentRoot /www/shopzeus.com/ > > SSLEngine On > SSLCertificateFile /www/certs/www.shopzeus.com.crt > SSLCertificateKeyFile /www/certs/shopzeus.com.key.pem > SSLCertificateChainFile /www/certs/sf_issuing.crt > SSLCACertificateFile /www/certs/sf_issuing.crt > > <Location /> > Order allow,deny > Allow from all > </Location> > </VirtualHost> > > > So in theory, HTTPS requests to port 444 use the default certificate > (which belongs to designasign.biz) and HTTPS requests to port 443 use > the www.shopzeus.com.crt certificate (which belongs to www.shopzeus.com). > > Everything seems fine, except that apache uses the default certificate > for both sites. (You can test it, just go to https://www.shopzeus.com .) > Is this a limitation in Apache? If not, what is wrong with my > configuration? (I cannot find any error messages or warnings in the logs.) > > Thanks, > > Laszlo > > Laszlo, It's been awhile, but I *think* that we ran across this or something similar awhile ago. From what I recall, I was told (or found) that Apache only uses the first certificate, or something like that. We solved our problem by getting a "wildcard server certificate" (all of the VirtualHosts have the same root DNS domain name, e.g., "*.foo.com", in our case). HTH... Jim --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|