httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S <>
Subject [users@httpd] apache 2.2.13 ssl problem: wrong certificate being served
Date Tue, 27 Oct 2009 18:41:37 GMT
I'm running: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8k 

I have these two virtual hosts set up (I added a space between 'xten' 
and 'it' to keep search engines from picking this email up) :

<VirtualHost >
ServerName segments.xten


#use this virt host if the servername matches *.a.xten
<VirtualHost >
ServerName  a.xten
#ServerName can't have a *, it has to go in ServerAlias
ServerAlias  *.a.xten

I have these two virtual hosts because recently Firefox stopped 
accepting our certificate that had *.*.xten as the CN.  I added a 
new virtual host with a new certificate for *.a.xten and this 
setup works most of the time, but today I find that when I go to 
https://thomasnet-m.a.xten in Firefox I'm getting a ssl cert 
warning because I'm getting the certificate for *.*.xten instead 
of the certificate for *.a.xten  All other domains I have tried 
like https://jks-m.a.xten do work.

Now here's the kicker: When I click through the warning in Firefox my 
logs show that I am going to the second virtual host, the one with the
that *.a certificate, even though I'm using the *.* certificate.  So how 
is it apache is sending me to the correct virtual host but serving up 
the wrong certificate?

More tidbits:
  I have the exact same setup on port 444, but port 444 is fine.
  This was working for me yesterday.  I restarted my desktop since then, 
but not apache.
  My browser is: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: 
Gecko/20090909 Fedora/3.5.3-1.fc11 Firefox/3.5.3
  This problem has happened a few times since I installed the new 
certificate but hasn't been reliably reproduceable.
  Firefox 3.5.3 for windows (run in wine) does not have this problem.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message