On Fri, Nov 13, 2009 at 3:15 AM, Randy Paries <rtparies@xxxxxxxxx> wrote: > Hello, > i have a box with two domains > CentOS release 5.3 > Server version: Apache/2.2.3 > > initially the box only had one IP and domain. > > I went and got a SSL cert for that domain and everything was fine. > > i then went and added a second IP and a second Domain (eventually i > planned to split these) > > I then created a test self signed cert for the second domain/IP (same NIC card) > > Since i have done that my first domain/IP SSL gives me the error > message that it is the incorrect cert > "cert belongs to a different site" and when i look at the cert via FF > it is all localhost / self signed stufff > > i even yesterday tried to re-issue the old cert > openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr > > I have removed the ssl on the second domain for now > > in my httpd,conf I am pointing to the key and crt i just created > SSLEngine on > SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key > > in the SSL error log i see > [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate CommonName > (CN) `localhost.localdomain' does NOT match server name!? You need to give us some more information. What have you done to make sure that the right IP is associated with the right SSL instance and certificate? This does not happen automatically. Normally you should have two virtualhosts in your httpd.conf, each with its own SSL directives. Could you show us more of your config? Krist -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx