httpd-users mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: [users@httpd] Help with wilcards SSL certificates and virtual hosts
Date Thu, 12 Mar 2015 22:22:52 GMT
Hi Quentin,

On Thu, Mar 12, 2015 at 3:51 PM, Quentin CHARRAUT
<quentin.charraut@inova-software.com> wrote:
>
> My question is, how can I have both *.example.com and *.rc.example.com vhost
> working together without any bad certificate errors ?
>
> Maybe I missed something ? or maybe it’s not possible ?

I think you missed ServerAlias, wildcards are not valid ServerNames
(though legal in 2.2.x, not anymore in 2.4.x).

Your configuration should look like:

<VirtualHost 192.168.0.10:443>
    ServerName example.com:443
    ServerAlias *.example.com:443
    ...
</VirtualHost>

<VirtualHost 192.168.0.10:443>
    ServerName dev.example.com:443
    ServerAlias *.dev.example.com:443
    ...
</VirtualHost>

<...>

Please also note that the vhosts above are the "defaults" for requests
on 192.168.0.10:443 only (first on that IP:port), and hence requests
on 172.17.0.11:443 may still reach:
<VirtualHost 172.17.0.11:443>
   ServerName toto.example.com:443
   ...
</VirtualHost>
if this is the first one on that IP:port (and the requested host is
not a declared vhost).
Moreover requests for toto.example.com on 192.168.0.10:443 have no
chance to reach this vhost.

So I think you should declare all the "related" vhosts on the same
IP:port (and the selection will be based on the SNI given by the
client), otherwise you'll have to declare a default for each IP:port.

Regards,
Yann.
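
The per-IP:port selection described in the message above, as an added example that is not part of the original message and is not httpd's own code. It is a simplified Python model of name-based vhost lookup as documented for httpd 2.4 (exact IP:port match only, hostnames written without the :443 suffix); `select_vhost`, `SPLIT` and `SAME_ADDR` are hypothetical names and the vhost lists are constructed from the addresses in the thread.

```python
from fnmatch import fnmatchcase

def select_vhost(vhosts, local_addr, host):
    """Return the ServerName of the vhost serving `host` on `local_addr`.

    Model assumptions: only vhosts declared on exactly this IP:port are
    candidates; they are tried in configuration order and the first
    ServerName (exact) or ServerAlias (wildcard) match wins; if none
    matches, the first vhost declared on that IP:port is the default.
    """
    candidates = [v for v in vhosts if v["addr"] == local_addr]
    if not candidates:
        return None  # no vhost on this address: main server config applies
    host = host.lower()
    for v in candidates:
        if host == v["name"].lower():
            return v["name"]
        if any(fnmatchcase(host, a.lower()) for a in v.get("aliases", [])):
            return v["name"]
    return candidates[0]["name"]  # per-IP:port default

# Constructed sample: wildcard vhost and toto vhost on different addresses.
SPLIT = [
    {"addr": "192.168.0.10:443", "name": "example.com",
     "aliases": ["*.example.com"]},
    {"addr": "172.17.0.11:443", "name": "toto.example.com"},
]

# Constructed sample: both vhosts on one IP:port, specific name listed first
# so the wildcard alias does not shadow it.
SAME_ADDR = [
    {"addr": "192.168.0.10:443", "name": "toto.example.com"},
    {"addr": "192.168.0.10:443", "name": "example.com",
     "aliases": ["*.example.com"]},
]

if __name__ == "__main__":
    for label, conf in (("split", SPLIT), ("same addr", SAME_ADDR)):
        for addr in ("192.168.0.10:443", "172.17.0.11:443"):
            for host in ("toto.example.com", "www.example.com", "other.test"):
                print(label, addr, host, "->", select_vhost(conf, addr, host))
```

In the single-address layout the first declared vhost also answers unrecognised names on that IP:port, so its certificate is the one such clients are shown.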
