httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reg <...@seowebsales.com>
Subject [users@httpd] Problem with Multiple VirtualHosts with SSL using Named Virtual Hosts (SNI)
Date Fri, 11 May 2012 20:10:46 GMT
I've setup Apache to handle named Virtual Hosts with SSL however there is something I am missing
because it doesn't work. This is my first time trying multiple SSL hosting however I have
had one SSL domain working for years on this server.

The certificates check out because if I comment out the section for domain1.com then domain2.com
works perfectly in the browser, i.e.: no warning message and straight into https://www.domain2.com
seamlessly. Of course domain1.com gives the "untrusted certificate" warning since it's the
wrong certificate the browser is getting.

When I uncomment the lines for domain1.com then domain1.com will work seamlessly as domain2.com
did but now domain2.com will give the "untrusted certificate" warning in the browser so Apache
is defaulting the first certificate it finds to serve up the browser.

I can't find anymore to do to make this work so I'm hoping  someone who has made this work
could look at my Apache configuration and tell me what I am doing wrong.

I also checked the Apache log and I get this message:

[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication
support (RFC 4366)
                                  
which from what I read means that Apache is properly setup for Named-based Virtual domains
with SSL.

The software is:

    openSUSE 11.4
    Apache 2.2.17
    openSSL 1.0.0c
    FireFox 12.0 Linux & Windows, IE7 Vista

I've checked all of the above software versions and as far as I can see it is all new enough
to work with SNI.

Any help really appreciated!
Reg

Relevant Apache configuration:

  Listen 443
  NameVirtualHost *:443

  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl
  SSLPassPhraseDialog  builtin
  SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache(512000)
  SSLSessionCacheTimeout  600
  SSLMutex  default
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin

  <Directory "/srv/www/vhosts/live/m/multi-001/www">
     Options none
     AllowOverride all
     Order allow,deny
     Allow from all
  </Directory>

  # Old stuff we'll probably never use
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
  </Files>
  <Directory "/srv/www/cgi-bin">
     SSLOptions +StdEnvVars
  </Directory>
  SetEnvIf User-Agent ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
  #
  # www.domain1.com
  #
  # Live: live/www.domain1.com
  <VirtualHost *:443>
      DocumentRoot "/srv/www/vhosts/live/m/multi-7/www/"
      ServerName domain1.com:443
      ServerAlias www.domain1.com:443
      ServerAdmin webmaster@domain1.com
      <Directory "/srv/www/vhosts/live/m/multi-7/www">
        Options none
        AllowOverride all
        Order allow,deny
        Allow from all
      </Directory>
      SSLEngine on
      SSLCertificateFile /etc/ssl/private/crt/domain1.com.crt
      SSLCertificateKeyFile /etc/ssl/private/key/domain1.com.key
      SSLCertificateChainFile /etc/ssl/private/bundle/domain1.com.crt.bundle
      CustomLog   '/var/log/apache2/d/domain1.com_reqst'   ssl_combined
      ErrorLog    '/var/log/apache2/d/domain1.com_error'
      RewriteLog  '/var/log/apache2/d/domain1.com_rewri'
  </VirtualHost>
  #
  # www.domain2.com
  #
  # Live: live/www.domain2.com
  <VirtualHost *:443>
    DocumentRoot "/srv/www/vhosts/live/m/multi-7/www/"
    ServerName domain2.com:443
    ServerAlias www.domain2.com:443
    ServerAdmin webmaster@domain2.com
    <Directory "/srv/www/vhosts/live/m/multi-7/www">
      Options none
      AllowOverride All
      Order allow,deny
      Allow from all
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/ssl/private/crt/domain2.com.crt
    SSLCertificateKeyFile /etc/ssl/private/key/domain2.com.key
    SSLCertificateChainFile /etc/ssl/private/bundle/domain2.com.crt.bundle
    CustomLog  '/var/log/apache2/d/domain2.com_acces' ssl_combined
    ErrorLog   '/var/log/apache2/d/domain2.com_error'
    RewriteLog '/var/log/apache2/d/domain2.com_rewri'
  </VirtualHost>
Mime
View raw message