httpd-users mailing list archives

From "Gillis J. de Nijs" <gil...@jink.net.INVALID>
Subject Re: [users@httpd] VirtualHost and HTTPS
Date Thu, 30 Aug 2018 07:01:23 GMT
Also see https://wiki.apache.org/httpd/NameBasedSSLVHosts

> As a rule, it is impossible to host more than one SSL virtual host on the
> same IP address and port.
>
> This is because Apache needs to know the name of the host in order to
> choose the correct certificate to set up the encryption layer.


That page links to https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
for more information and requirements on SNI.

On Wed, Aug 29, 2018 at 8:54 PM, Jonathan Sélea <jonathan@selea.se> wrote:

> It is.
> If you try to disable myhost.domain1.org - you will see that
> myhost.domain2.org will work over SSL/TLS :)
>
>
>
>
> On 2018-08-29 19:19, David Rush wrote:
>
>> Ah, so SNI is dependent on the operating system, not the version of
>> Apache HTTPD installed?
>>
>> I had read about SNI and understood the basics of it, but assumed that
>> it was a function of HTTPD version rather than older OS version.
>>
>> Thanks for your help.
>>
>> David
>>
>> On Wed, Aug 29, 2018 at 11:00 AM, Jonathan Sélea <jonathan@selea.se>
>> wrote:
>>
>>> I am very sure that this has to do with the fact that older machines
>>> simply do not have support for SNI.
>>>
>>> On 2018-08-29 16:28, David Rush wrote:
>>>
>>>> I'm running httpd 2.4.12 on Windows Server 2003.
>>>>
>>>> We have things set up and working with http and https using the
>>>> primary host name (fully qualified).
>>>>
>>>> We need for a different domain (same hostname) to work with https.
>>>>
>>>> These both need to work:
>>>>
>>>> https://myhost.domain1.org - this works fine
>>>>
>>>> https://myhost.domain2.org - I can't get this to work
>>>>
>>>> I have certificates (and key files) for both domains (the first being
>>>> unique to the FQDN, the second being a wildcard for *.domain2.org [1]).
>>>>
>>>> I have <VirtualHost *:443> blocks set up with ServerName
>>>> myhost.domain1.org [2] in one, and ServerName myhost.domain2.org [3]
>>>> in the other.  Each specifies its proper cert and key files, and
>>>> unique DocumentRoot locations.
>>>>
>>>> httpd.exe -S clearly indicates both VirtualHosts found, no errors
>>>> (no errors from httpd.exe -t, either).
>>>>
>>>> It appears that the first certificate is always being served
>>>> regardless of which host name is used in the browser.  Also, the 2nd
>>>> (domain2.org [1]) config has a different DocumentRoot, but when I tell
>>>> the browser to ignore the security warnings I'm being delivered
>>>> content from the domain1.org [4] DocumentRoot.
>>>>
>>>>
>>>> Help!
>>>>
>>>> David
>>>>
>>>> E-Mail to and from me, in connection with the transaction
>>>> of public business, is subject to the Wyoming Public Records
>>>> Act and may be disclosed to third parties.
>>>>
>>>> Links:
>>>> ------
>>>> [1] http://domain2.org
>>>> [2] http://myhost.domain1.org
>>>> [3] http://myhost.domain2.org
>>>> [4] http://domain1.org
>>>>
>>>
>>> --
>>> Jonathan Sélea
>>>
>>> PGP Key: 0x8B35B3C894B964DD
>>> Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
>>> https://jonathanselea.se
>>>
>>>
>>> ---------------------------------------------------------------------
>>
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>>
>
>
>
