httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S <...@selectacast.net>
Subject [users@httpd] apache 2.2.13 ssl problem: wrong certificate being served
Date Tue, 27 Oct 2009 18:41:37 GMT
I'm running: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8k 
mod_jk/1.2.26

I have these two virtual hosts set up (I added a space between 'xten' 
and 'it' to keep search engines from picking this email up) :


<VirtualHost 199.107.233.199:443 >
ServerName segments.xten it.com

<snip>

#use this virt host if the servername matches *.a.xten it.com
<VirtualHost 199.107.233.199:443 >
ServerName  a.xten it.com
#ServerName can't have a *, it has to go in ServerAlias
ServerAlias  *.a.xten it.com


I have these two virtual hosts because recently Firefox stopped 
accepting our certificate that had *.*.xten it.com as the CN.  I added a 
new virtual host with a new certificate for *.a.xten it.com and this 
setup works most of the time, but today I find that when I go to 
https://thomasnet-m.a.xten it.com/ in Firefox I'm getting a ssl cert 
warning because I'm getting the certificate for *.*.xten it.com instead 
of the certificate for *.a.xten it.com.  All other domains I have tried 
like https://jks-m.a.xten it.com/ do work.

Now here's the kicker: When I click through the warning in Firefox my 
logs show that I am going to the second virtual host, the one with the
that *.a certificate, even though I'm using the *.* certificate.  So how 
is it apache is sending me to the correct virtual host but serving up 
the wrong certificate?

More tidbits:
  I have the exact same setup on port 444, but port 444 is fine.
  This was working for me yesterday.  I restarted my desktop since then, 
but not apache.
  My browser is: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) 
Gecko/20090909 Fedora/3.5.3-1.fc11 Firefox/3.5.3
  This problem has happened a few times since I installed the new 
certificate but hasn't been reliably reproduceable.
  Firefox 3.5.3 for windows (run in wine) does not have this problem.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message