httpd-users mailing list archives

From <oh...@cox.net>
Subject Re: [users@httpd] NameVirtualHost + SSL certificate problem
Date Thu, 19 Oct 2006 12:03:01 GMT

---- Laszlo Nagy <gandalf@designaproduct.biz> wrote: 
> 
>   Hello All,
> 
> I have a little problem with my Apache. Here is the software version:
> 
> #apachectl -v
> Server version: Apache/2.0.59
> Server built:   Oct  4 2006 08:32:33
> #uname -a
> FreeBSD designaproduct.biz 6.1-RELEASE-p6 FreeBSD 6.1-RELEASE-p6 #2: Thu 
> Sep  7 07:13:22 EDT 2006     
> gandalf@designaproduct.biz:/usr/obj/usr/src/sys/DESIGNAPRODUCT  i386
> 
> 
> Here are some important lines from my httpd.conf:
> 
> Listen 80
> Listen 443
> Listen 444
> 
> This is from ssl.conf (included from httpd.conf):
> 
> SSLCertificateFile /usr/local/certs/designaproduct_biz.crt
> SSLCertificateKeyFile /usr/local/certs/designaproduct_biz.key.pem
> SSLCACertificateFile /usr/local/certs/DigiCertCA.crt
> 
> I need to serve many domains (designasign.biz, designateeshirt.biz, 
> shopzeus.com, mess.hu etc.) I only have one IP address, so I'm using 
> name based virtual hosts. However, I also need to do secure payments on 
> two sites. I did a trick:
> 
> 
> <VirtualHost *:444>
>     ServerName designasign.biz
>     ServerAlias www.designasign.biz
>     DocumentRoot /www/designasign.biz/
>     SSLEngine On
>     <Location />
>         Order Allow,Deny
>         Allow from All
>         Options Indexes
>         AllowOverride None
>     </Location>
> </VirtualHost>
> 
> <VirtualHost *:443>
>   ServerName shopzeus.com
>   ServerAlias www.shopzeus.com
>     DocumentRoot /www/shopzeus.com/
> 
>   SSLEngine On
>   SSLCertificateFile /www/certs/www.shopzeus.com.crt
>   SSLCertificateKeyFile /www/certs/shopzeus.com.key.pem
>   SSLCertificateChainFile /www/certs/sf_issuing.crt
>   SSLCACertificateFile /www/certs/sf_issuing.crt
> 
>   <Location />
>      Order allow,deny
>      Allow from all
>   </Location>
> </VirtualHost>
> 
> 
> So in theory, HTTPS requests to port 444 use the default certificate 
> (which belongs to designasign.biz) and HTTPS requests to port 443 use 
> the www.shopzeus.com.crt certificate (which belongs to www.shopzeus.com).
> 
> Everything seems fine, except that apache uses the default certificate 
> for both sites. (You can test it, just go to https://www.shopzeus.com .) 
> Is this a limitation in Apache? If not, what is wrong with my 
> configuration? (I cannot find any error messages or warnings in the logs.)
> 
> Thanks,
> 
>    Laszlo
> 
> 

Laszlo,

It's been a while, but I *think* that we ran across this or something similar a while ago.
From what I recall, I was told (or found) that Apache only uses the first certificate, or
something like that.  We solved our problem by getting a "wildcard server certificate" (all
of the VirtualHosts have the same root DNS domain name, e.g., "*.foo.com", in our case).

HTH...

Jim

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
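
Added example, not part of the original messages: a wildcard certificate name matches exactly one left-most label, so the workaround in the reply only covers virtual hosts that sit one level under a single shared domain. The Python sketch below pulls the ServerName/ServerAlias values out of the two virtual hosts quoted above (a constructed excerpt) and lists the names a given set of certificate names would not cover; the certificate names passed in are hypothetical.

```python
import re

# Constructed sample: the name directives of the two SSL virtual hosts quoted
# in the thread (all other directives omitted).
SAMPLE_CONF = """
<VirtualHost *:444>
    ServerName designasign.biz
    ServerAlias www.designasign.biz
    SSLEngine On
</VirtualHost>
<VirtualHost *:443>
    ServerName shopzeus.com
    ServerAlias www.shopzeus.com
    SSLEngine On
</VirtualHost>
"""

def vhost_names(conf):
    """Return {vhost address: [ServerName and ServerAlias values]}."""
    result = {}
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>",
                        conf, re.S | re.I)
    for addr, body in blocks:
        for line in body.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                result.setdefault(addr.strip(), []).extend(
                    p.lower() for p in parts[1:])
    return result

def name_matches(cert_name, host):
    """Match a certificate name against a host; '*' stands for one label only."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False              # '*' never spans a dot
    if c[0] == "*":
        return c[1:] == h[1:]     # everything after the wildcard must be equal
    return c == h

def uncovered(conf, cert_names):
    """Per vhost address, the names that none of cert_names matches."""
    return {addr: [n for n in names
                   if not any(name_matches(c, n) for c in cert_names)]
            for addr, names in vhost_names(conf).items()}

if __name__ == "__main__":
    # Hypothetical certificate names, chosen for illustration.
    for certs in (["*.designasign.biz"], ["*.designasign.biz", "designasign.biz"]):
        print(certs, "->", uncovered(SAMPLE_CONF, certs))
```
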

