Re: Multiple certs & virtual hosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Serge. I actually saw this and it had me confused because the name based virtual host is working fine (in the sense that I am getting the right content back from each virtual host) but the second host was using the first host's cert. I'll switch to IP based virtuals. Thanks!

Mark

On 09/05/07, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote:
You can't have 2 different SSL certificates on one IP address. See the FAQ.

On 5/9/07, Mark Drummond <md2600@xxxxxxxxx> wrote:
> Hi all,
>
> I have two different key files and their associated certs in PEM encoded
> files. I have two virtualhosts defined. The virtualhosts are working fine,
> in as much as they are pointing at different doc roots and I can browse to
> each virtual host. But both virtuals are using the cert of the first virtual
> in the config file. The second virtual is not using it's own cert, even
> though it's cert directives are pointing at it's own key and cert files. The
> below is an edited version of my configuration.
>
> <VirtualHost *:443>
>         ServerName server1
>         DocumentRoot "/server1"
>         SSLEngine on
>         SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:
> +HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>         SSLCertificateFile server1.crt
>         SSLCertificateKeyFile server1.key
> </VirtualHost>
>
> <VirtualHost *:443>
>         ServerName server2
>         DocumentRoot "/server2"
>         SSLEngine on
>         SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>         SSLCertificateFile server2.crt
>         SSLCertificateKeyFile server2.key
> </VirtualHost>
>
> So when I browse to https://server2, firefox has "server2" down in the
> bottom right corner of the browser window, but if I bring up the security
> dialog and look at the cert, it is the server1 cert.
>
> Any ideas?
>
> Apache 2.0.59 binary build from sunfreeware.com plus supporting tools. Keys
> and certs are self-signed, generated with openssl.
>
> Mark
>
> --
> Georgia: Why am I not doing what they're doing?
> Rube: Because you're doing what you're doing. When it's time for you to do
> something else you'll do that.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL: http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
Georgia: Why am I not doing what they're doing?
Rube: Because you're doing what you're doing. When it's time for you to do something else you'll do that.
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux