httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Paries <rtpar...@gmail.com>
Subject Re: [users@httpd] apache with 2 SSL Certs Problem
Date Fri, 13 Nov 2009 17:14:46 GMT
On Fri, Nov 13, 2009 at 9:40 AM, Randy Paries <rtparies@gmail.com> wrote:
> On Fri, Nov 13, 2009 at 1:29 AM, Krist van Besien
> <krist.vanbesien@gmail.com> wrote:
>> On Fri, Nov 13, 2009 at 3:15 AM, Randy Paries <rtparies@gmail.com> wrote:
>>> Hello,
>>> i have a box with two domains
>>> CentOS release 5.3
>>> Server version: Apache/2.2.3
>>>
>>> initially the box only had one IP and domain.
>>>
>>> I went and got a SSL cert for that domain and everything was fine.
>>>
>>> i then went and added a second IP and a second Domain (eventually i
>>> planned to split these)
>>>
>>> I then created a test self signed cert for the second domain/IP (same NIC card)
>>>
>>> Since i have done that my first domain/IP SSL gives me the error
>>> message that it is the incorrect cert
>>> "cert belongs to a different site" and when i look at the cert via FF
>>> it is all localhost / self signed stufff
>>>
>>> i even yesterday tried to re-issue the old cert
>>> openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
>>>
>>> I have removed the ssl on the second domain for now
>>>
>>> in my httpd,conf I am pointing to the key and crt i just created
>>>    SSLEngine on
>>>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
>>>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key
>>>
>>> in the SSL error log i see
>>> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate is a CA
>>> certificate (BasicConstraints: CA == TRUE !?)
>>> [Thu Nov 12 09:26:41 2009] [warn] RSA server certificate CommonName
>>> (CN) `localhost.localdomain' does NOT match server name!?
>>
>> You need to give us some more information. What have you done to make
>> sure that the right IP is associated with the right SSL instance and
>> certificate? This does not happen automatically.
>>
>> Normally you should have two virtualhosts in your httpd.conf, each
>> with its own SSL directives. Could you show us more of your config?
>>
>>
>> Krist
>
> Hello,
> Thanks for you help
>
> this is how i have it set up.
> when i generate the CSR do i need to do something special to bind the
> CSR to a specific IP?
>
> <VirtualHost 216.186.190.101:443>
>    ServerAdmin webmaster@unitnet.com
>    DocumentRoot /home/unitfaces/
>
>    ServerName www.unitfaces.com
>    ServerAlias unitfaces.com
>
>    ErrorLog logs/unitfaces.com-error_log
>    CustomLog logs/unitfaces.com-access_log combined
>
>    ErrorLog logs/unitfacesSSL.com-error_log
>    CustomLog logs/unitfacesSSL.com-access_log combined
>
>    SSLEngine on
>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.unitfaces.com.key
>
> </VirtualHost>
>

also i have this in my httpd
NameVirtualHost 216.186.190.101:80
NameVirtualHost 216.186.190.106:80
NameVirtualHost 216.186.190.101:443

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message