Re: apache with 2 SSL Certs Problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

IP based virtual hosting will help you. read thru this http://httpd.apache.org/docs/1.3/vhosts/ip-based.html

also you can have 2 include file with different IP listening and map there in the include file, to make it easy to maintenance.

also can you paste your httpd.conf file

thanks
-suresh



From: Krist van Besien <krist.vanbesien@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Fri, November 13, 2009 12:59:33 PM
Subject: Re: apache with 2 SSL Certs Problem

On Fri, Nov 13, 2009 at 3:15 AM, Randy Paries <rtparies@xxxxxxxxx> wrote:
> Hello,
> i have a box with two domains
> CentOS release 5.3
> Server version: Apache/2.2.3
>
> initially the box only had one IP and domain.
>
> I went and got a SSL cert for that domain and everything was fine.
>
> i then went and added a second IP and a second Domain (eventually i
> planned to split these)
>
> I then created a test self signed cert for the second domain/IP (same NIC card)
>
> Since i have done that my first domain/IP SSL gives me the error
> message that it is the incorrect cert
> "cert belongs to a different site" and when i look at the cert via FF
> it is all localhost / self signed stufff
>
> i even yesterday tried to re-issue the old cert
> openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
>
> I have removed the ssl on the second domain for now
>
> in my httpd,conf I am pointing to the key and crt i just created
>    SSLEngine on
>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key
>
> in the SSL error log i see
> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate CommonName
> (CN) `localhost.localdomain' does NOT match server name!?

You need to give us some more information. What have you done to make
sure that the right IP is associated with the right SSL instance and
certificate? This does not happen automatically.

Normally you should have two virtualhosts in your httpd.conf, each
with its own SSL directives. Could you show us more of your config?


Krist


--
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "  from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux