httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Visvanathan <>
Subject Re: [users@httpd] apache with 2 SSL Certs Problem
Date Fri, 13 Nov 2009 08:23:38 GMT
IP based virtual hosting will help you. read thru this

also you can have 2 include file with different IP listening and map there in the include
file, to make it easy to maintenance. 

also can you paste your httpd.conf file 


From: Krist van Besien <>
Sent: Fri, November 13, 2009 12:59:33 PM
Subject: Re: [users@httpd] apache with 2 SSL Certs Problem

On Fri, Nov 13, 2009 at 3:15 AM, Randy Paries <> wrote:
> Hello,
> i have a box with two domains
> CentOS release 5.3
> Server version: Apache/2.2.3
> initially the box only had one IP and domain.
> I went and got a SSL cert for that domain and everything was fine.
> i then went and added a second IP and a second Domain (eventually i
> planned to split these)
> I then created a test self signed cert for the second domain/IP (same NIC card)
> Since i have done that my first domain/IP SSL gives me the error
> message that it is the incorrect cert
> "cert belongs to a different site" and when i look at the cert via FF
> it is all localhost / self signed stufff
> i even yesterday tried to re-issue the old cert
> openssl req -new -key -out
> I have removed the ssl on the second domain for now
> in my httpd,conf I am pointing to the key and crt i just created
>    SSLEngine on
>    SSLCertificateFile /etc/httpd/conf/ssl.crt/
>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/
> in the SSL error log i see
> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate CommonName
> (CN) `localhost.localdomain' does NOT match server name!?

You need to give us some more information. What have you done to make
sure that the right IP is associated with the right SSL instance and
certificate? This does not happen automatically.

Normally you should have two virtualhosts in your httpd.conf, each
with its own SSL directives. Could you show us more of your config?


Bremgarten b. Bern, Switzerland
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

The official User-To-User support forum of the Apache HTTP Server Project.
See> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message