On Fri, Nov 13, 2009 at 9:40 AM, Randy Paries <rtparies@xxxxxxxxx> wrote:
> On Fri, Nov 13, 2009 at 1:29 AM, Krist van Besien
> <krist.vanbesien@xxxxxxxxx> wrote:
>> On Fri, Nov 13, 2009 at 3:15 AM, Randy Paries <rtparies@xxxxxxxxx> wrote:
>>> Hello,
>>> I have a box with two domains
>>> CentOS release 5.3
>>> Server version: Apache/2.2.3
>>>
>>> Initially the box only had one IP and domain.
>>>
>>> I went and got an SSL cert for that domain and everything was fine.
>>>
>>> I then went and added a second IP and a second domain (eventually I
>>> planned to split these)
>>>
>>> I then created a test self-signed cert for the second domain/IP (same NIC card)
>>>
>>> Since I have done that my first domain/IP SSL gives me the error
>>> message that it is the incorrect cert
>>> "cert belongs to a different site" and when I look at the cert via FF
>>> it is all localhost / self-signed stuff
>>>
>>> I even yesterday tried to re-issue the old cert
>>> openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
>>>
>>> I have removed the SSL on the second domain for now
>>>
>>> In my httpd.conf I am pointing to the key and crt I just created
>>> SSLEngine on
>>> SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
>>> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key
>>>
>>> In the SSL error log I see
>>> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
>>> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
>>
>> You need to give us some more information. What have you done to make
>> sure that the right IP is associated with the right SSL instance and
>> certificate? This does not happen automatically.
>>
>> Normally you should have two virtualhosts in your httpd.conf, each
>> with its own SSL directives. Could you show us more of your config?
>>
>>
>> Krist
>
> Hello,
> Thanks for your help
>
> This is how I have it set up.
> When I generate the CSR do I need to do something special to bind the
> CSR to a specific IP?
>
> <VirtualHost 216.186.190.101:443>
>     ServerAdmin webmaster@xxxxxxxxxxx
>     DocumentRoot /home/unitfaces/
>
>     ServerName www.unitfaces.com
>     ServerAlias unitfaces.com
>
>     ErrorLog logs/unitfaces.com-error_log
>     CustomLog logs/unitfaces.com-access_log combined
>
>     ErrorLog logs/unitfacesSSL.com-error_log
>     CustomLog logs/unitfacesSSL.com-access_log combined
>
>     SSLEngine on
>     SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
>     SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.unitfaces.com.key
>
> </VirtualHost>
>

Also I have this in my httpd

NameVirtualHost 216.186.190.101:80
NameVirtualHost 216.186.190.106:80
NameVirtualHost 216.186.190.101:443

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
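
Added example, not part of the thread: a small Python check for the question Krist raises, namely which certificate is tied to which address. It maps every SSL-enabled `<VirtualHost>` in a config to its address and `SSLCertificateFile` and flags addresses that carry more than one SSL vhost; the second vhost in the sample (`www.second.example` and its path) is a constructed placeholder.

```python
import re
from collections import defaultdict

# Constructed sample: the vhost from the post plus a hypothetical second SSL
# vhost (www.second.example and its path are placeholders) on the same address.
SAMPLE_CONF = """
NameVirtualHost 216.186.190.101:443
<VirtualHost 216.186.190.101:443>
    ServerName www.unitfaces.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
</VirtualHost>
<VirtualHost 216.186.190.101:443>
    ServerName www.second.example
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.second.example.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Last value of a directive in a vhost body (commented lines ignored)."""
    vals = re.findall(r"^[ \t]*%s[ \t]+(\S+)" % re.escape(name), body, re.M | re.I)
    return vals[-1] if vals else None

def ssl_vhosts(conf):
    """Map each address to the SSL-enabled vhosts declared on it, in file order."""
    by_addr = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue
        host = {"name": directive(body, "ServerName"),
                "cert": directive(body, "SSLCertificateFile")}
        for addr in addrs.split():
            by_addr[addr].append(host)
    return dict(by_addr)

def findings(conf):
    """Report addresses on which more than one SSL vhost is declared."""
    out = []
    for addr, hosts in ssl_vhosts(conf).items():
        if len(hosts) > 1:
            # Apache 2.2.3 predates SNI support, so the handshake on a shared
            # address uses the first vhost's certificate for every name.
            out.append("%s: %d SSL vhosts, only %s is presented"
                       % (addr, len(hosts), hosts[0]["cert"]))
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONF)))
```

To use it on a real server, pass the contents of httpd.conf and any included SSL config files as one string.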