RE: VHOST and SSL

Hello Sebastien,

Short answer: the host running HTTPS must have a dedicated IP address.

Long answer: when a client connects to the server at port 443, the first
thing they will do is an SSL handshake.  This happens even before the client
sends its HTTPS request with the URL and Host header.  Therefore, during
this handshake, the server has no idea what vhost the client wants to
connect to, and the server will send the only certificate it has for that IP
address.  The client will then report a certificate hostname mismatch error.
This again happens even before the client sends the HTTPS request.  If the
client attempts to continue with the connection and sends the HTTPS request
with the URL and Host header, what happens at that point is up to the
server.  What currently happens and what do you want to happen?

Allen

> -----Original Message-----
> From: Sebastien Roy [mailto:Apache@xxxxxxxxxxxx] 
> Sent: Thursday, June 07, 2007 3:41 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject:  VHOST and SSL
> 
> 
> Hi folks,
> 
> We are running Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b DAV/2
> PHP/5.1.4 and everything is working perfectly except one thing, and I'm
> sure it's a configuration problem.  We have some domains that have an SSL
> certificate and some not.  My problem is very simple: what am I doing
> wrong if every vhost works using https and uses the same certificate?
> What I need is that, for example, https://www.mydomain.com works with the
> mydomain.com certificate but that https://www.myotherdom.com is not
> answering 'cause the SSL is only applied to mydomain.com!
>
> Right now every vhost is answering to SSL requests.  The config looks
> like that:
> 
> NameVirtualHost x.x.x.x:80
> NameVirtualHost x.x.x.x:443
> 
> <VirtualHost x.x.x.x:443>
>     ServerAdmin webmaster@xxxxxxxxxxxx
>     ServerName www.mydomain.com
>     DocumentRoot /services/mydomain.com
>     CustomLog /services/www-logs/mydomain.com.log combined
> 
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /opt/Apache/2.2.3/conf/www.mydomain.com.crt
> SSLCertificateKeyFile /opt/Apache/2.2.3/conf/www.mydomain.com.key
> SSLCACertificateFile /opt/Apache/2.2.3/conf/SSLCA.crt
> 
> <FilesMatch "\.(cgi|shtml|phtml|php)$">
>     SSLOptions +StdEnvVars
> </FilesMatch>
> <Directory "/opt/Apache/2.2.3/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
> 
> BrowserMatch ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> </VirtualHost>
> 
> <VirtualHost x.x.x.x:80>
>         ServerAdmin webmaster@xxxxxxxxxxxxxxx
>         ServerName www.otherdomain.com
>         ServerAlias otherdomain.com
>         DocumentRoot /services/otherdomain.com
>         CustomLog /services/www-logs/otherdomain.com.log combined
> </VirtualHost>
> 
> 
> And my other question is how to replace
> 
> <VirtualHost x.x.x.x:80>
>         ServerAdmin webmaster@xxxxxxxxxxxxxxx
>         ServerName www.otherdomain.com
>         ServerAlias otherdomain.com
>         DocumentRoot /services/otherdomain.com
>         CustomLog /services/www-logs/otherdomain.com.log combined
> </VirtualHost>
> 
> 
> with something like that:
> 
> <VirtualHost x.x.x.x:80>
>         ServerAdmin webmaster@$0
>         ServerName www.$0
>         ServerAlias $0
>         DocumentRoot /services/$0
>         CustomLog /services/www-logs/$0.log combined
> </VirtualHost>
> 
> 
> Thanks
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more info. 
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
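
The dedicated-IP layout described in the reply, applied to the quoted configuration as an added example that is not part of the original thread. The addresses 192.0.2.10 and 192.0.2.20 are placeholder assumptions, and the example assumes DNS for www.otherdomain.com points only at the second address; paths and host names come from the quoted config.

```apache
# Added example, not from the original thread (Apache 2.2 syntax).
# 192.0.2.10 and 192.0.2.20 are placeholder addresses (assumptions).

# Bind explicitly rather than with a bare "Listen 443", so that only the
# dedicated address accepts TLS connections.
Listen 192.0.2.10:80
Listen 192.0.2.10:443
Listen 192.0.2.20:80

# Name-based matching is only needed on the shared plain-HTTP address,
# where the Host header is readable before any vhost decision is made.
NameVirtualHost 192.0.2.20:80

# Dedicated address: the handshake on this IP always presents this one
# certificate, and the only name resolving here is the one it was issued for.
<VirtualHost 192.0.2.10:443>
    ServerName www.mydomain.com
    DocumentRoot /services/mydomain.com
    CustomLog /services/www-logs/mydomain.com.log combined

    SSLEngine on
    SSLCertificateFile /opt/Apache/2.2.3/conf/www.mydomain.com.crt
    SSLCertificateKeyFile /opt/Apache/2.2.3/conf/www.mydomain.com.key
</VirtualHost>

# Plain-HTTP side of the same site on the dedicated address.
<VirtualHost 192.0.2.10:80>
    ServerName www.mydomain.com
    DocumentRoot /services/mydomain.com
    CustomLog /services/www-logs/mydomain.com.log combined
</VirtualHost>

# Shared address: plain HTTP only. Nothing listens on 192.0.2.20:443, so a
# request for https://www.otherdomain.com/ fails at connect time, before any
# certificate is sent, instead of being served with the wrong certificate.
<VirtualHost 192.0.2.20:80>
    ServerName www.otherdomain.com
    ServerAlias otherdomain.com
    DocumentRoot /services/otherdomain.com
    CustomLog /services/www-logs/otherdomain.com.log combined
</VirtualHost>
```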

