httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Serge Dubrouski" <serge...@gmail.com>
Subject Re: [users@httpd] Multiple certs & virtual hosts
Date Thu, 10 May 2007 01:24:34 GMT
You can't have 2 different SSL certificates on one IP address. See the FAQ.

On 5/9/07, Mark Drummond <md2600@gmail.com> wrote:
> Hi all,
>
> I have two different key files and their associated certs in PEM encoded
> files. I have two virtualhosts defined. The virtualhosts are working fine,
> in as much as they are pointing at different doc roots and I can browse to
> each virtual host. But both virtuals are using the cert of the first virtual
> in the config file. The second virtual is not using it's own cert, even
> though it's cert directives are pointing at it's own key and cert files. The
> below is an edited version of my configuration.
>
> <VirtualHost *:443>
>         ServerName server1
>         DocumentRoot "/server1"
>         SSLEngine on
>         SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:
> +HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>         SSLCertificateFile server1.crt
>         SSLCertificateKeyFile server1.key
> </VirtualHost>
>
> <VirtualHost *:443>
>         ServerName server2
>         DocumentRoot "/server2"
>         SSLEngine on
>         SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>         SSLCertificateFile server2.crt
>         SSLCertificateKeyFile server2.key
> </VirtualHost>
>
> So when I browse to https://server2, firefox has "server2" down in the
> bottom right corner of the browser window, but if I bring up the security
> dialog and look at the cert, it is the server1 cert.
>
> Any ideas?
>
> Apache 2.0.59 binary build from sunfreeware.com plus supporting tools. Keys
> and certs are self-signed, generated with openssl.
>
> Mark
>
> --
> Georgia: Why am I not doing what they're doing?
> Rube: Because you're doing what you're doing. When it's time for you to do
> something else you'll do that.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message