Re: apache with 2 SSL Certs Problem


 



On Fri, Nov 13, 2009 at 1:29 AM, Krist van Besien
<krist.vanbesien@xxxxxxxxx> wrote:
> On Fri, Nov 13, 2009 at 3:15 AM, Randy Paries <rtparies@xxxxxxxxx> wrote:
>> Hello,
>> I have a box with two domains
>> CentOS release 5.3
>> Server version: Apache/2.2.3
>>
>> initially the box only had one IP and domain.
>>
>> I went and got a SSL cert for that domain and everything was fine.
>>
>> I then went and added a second IP and a second Domain (eventually I
>> planned to split these)
>>
>> I then created a test self signed cert for the second domain/IP (same NIC card)
>>
>> Since I have done that my first domain/IP SSL gives me the error
>> message that it is the incorrect cert
>> "cert belongs to a different site" and when I look at the cert via FF
>> it is all localhost / self signed stuff
>>
>> I even yesterday tried to re-issue the old cert
>> openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
>>
>> I have removed the ssl on the second domain for now
>>
>> in my httpd.conf I am pointing to the key and crt I just created
>>    SSLEngine on
>>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
>>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key
>>
>> in the SSL error log I see
>> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate is a CA
>> certificate (BasicConstraints: CA == TRUE !?)
>> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate CommonName
>> (CN) `localhost.localdomain' does NOT match server name!?
>
> You need to give us some more information. What have you done to make
> sure that the right IP is associated with the right SSL instance and
> certificate? This does not happen automatically.
>
> Normally you should have two virtualhosts in your httpd.conf, each
> with its own SSL directives. Could you show us more of your config?
>
>
> Krist

Hello,
Thanks for your help

This is how I have it set up.
When I generate the CSR do I need to do something special to bind the
CSR to a specific IP?

<VirtualHost 216.186.190.101:443>
    ServerAdmin webmaster@xxxxxxxxxxx
    DocumentRoot /home/unitfaces/

    ServerName www.unitfaces.com
    ServerAlias unitfaces.com

    ErrorLog logs/unitfaces.com-error_log
    CustomLog logs/unitfaces.com-access_log combined

    ErrorLog logs/unitfacesSSL.com-error_log
    CustomLog logs/unitfacesSSL.com-access_log combined

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.unitfaces.com.key

</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
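
An added example, not part of the original thread or of the Apache project: a small Python lint for the situation discussed above, listing which certificate each SSL address:port maps to and flagging an address shared by vhosts with different certificates, or a catch-all SSL vhost. It assumes certificates are selected by IP:port only (no SNI); the sample config, IPs, host names and paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample config: documentation IPs and hypothetical host names/paths.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName www.site-one.example
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.site-one.example.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName www.site-two.example
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.site-two.example.crt
</VirtualHost>
# catch-all SSL vhost with a self-signed certificate
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/selfsigned.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """First argument of directive `name` inside a vhost body, or None."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts(conf):
    """Yield (address, ServerName, certificate path) per SSL-enabled vhost address."""
    conf = re.sub(r"^\s*#.*$", "", conf, flags=re.M)  # drop comment lines
    for addrs, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            for addr in addrs.split():
                yield addr, directive(body, "ServerName"), directive(body, "SSLCertificateFile")

def audit(conf):
    """Flag addresses that cannot map to exactly one intended certificate."""
    by_addr = defaultdict(list)
    for addr, name, cert in ssl_vhosts(conf):
        by_addr[addr].append((name, cert))
    findings = []
    for addr, hosts in sorted(by_addr.items()):
        if addr.rsplit(":", 1)[0] in ("*", "_default_"):
            # Catch-all: its certificate is served on addresses no specific vhost claims.
            findings.append(("catch-all", addr, hosts[0][1]))
        if len({cert for _, cert in hosts}) > 1:
            # Same IP:port, different certificates: only one can be presented without SNI.
            findings.append(("shared", addr, [name for name, _ in hosts]))
    return findings
```

Run `audit()` over the concatenated text of httpd.conf and any included files (such as conf.d/ssl.conf), since a stray SSL vhost in an included file is invisible when only the main file is checked.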


