httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Vávra <va...@602.cz>
Subject Re: [users@httpd] wrong certs
Date Wed, 23 Oct 2013 07:14:12 GMT
Hello,
  it is obvious you are using port based virtual host. My question was 
for assuring you have configured basics well.
  So I suppose you have:

Listen *:424 https
<VirtualHost *:424>
ServerName A
SSLCertificateFile 1.crt
*SSLCertificateKeyFile 1.key*

#and probably also
SSLCertificateChainFile chain.crt

</VirtualHost>


I have made a test and it works fine.
I do not use wildcards, I directly specify the IP address.

Listen 424 https
Listen 444 https
<VirtualHost 192.168.1.211:424>
  ServerName A
  SSLCertificateFile 1.crt
  SSLCertificateKeyFile 1.key
</VirtualHost>

<VirtualHost 192.168.1.211:444>
  ServerName B
  SSLCertificateFile 2.crt
  SSLCertificateKeyFile 2.key
</VirtualHost>

and in my hosts file there are recors
192.168.1.211 A
192.168.1.211 B

Try to call httpd -S. In my case it shows
VirtualHost configuration:
....
192.168.1.211:424      A (1.conf)
192.168.1.211:444      B (2.conf)

For A and B I use some real names eg. www.mycompany1.cz, www.mycompany2.cz.

Do you even know about name based virtual https host?
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Most clients support this and I use it in production.

Jan

> The certificates are specified in port based virtual hosts, there is 
> no NameVirtualHost here.  So I would expect the specified certificate 
> to be served on the corresponding port no matter what host header was 
> passed.
>
>
> On Tue, Oct 22, 2013 at 4:50 PM, Jan Vávra <vavra@602.cz 
> <mailto:vavra@602.cz>> wrote:
>
>     Hello.
>      For sure have you not forgotten specifying option
>     SSLCertificateKeyFile  ?
>      What is the url you are using?
>      If you use https://localost:424 instead of https://a:424, you can
>     get weird results.
>
>      I can also try it, if your problem persists. My last several
>     years is full of creating and using certificates ;-)
>
>      Jan.
>
>
>         I two virtual hosts on different ports specify different
>         certificate files, but use the same ServerName, both ports use
>         the same certificate.  Is this expected behavior?
>
>
>         With this config:
>
>         Listen *:424 https
>         <VirtualHost *:424>
>         ServerName A
>         SSLCertificateFile 1.crt
>         </VirtualHost>
>
>         Listen *:444 https
>         <VirtualHost *:444>
>         ServerName A
>         SSLCertificateFile 2.crt
>         </VirtualHost>
>
>         connecting to either 424 or 444, I get cert 1.
>
>         With this config:
>
>         Listen *:424 https
>         <VirtualHost *:424>
>         ServerName A
>         SSLCertificateFile 1.crt
>         </VirtualHost>
>
>         Listen *:444 https
>         <VirtualHost *:444>
>         ServerName B
>         SSLCertificateFile 2.crt
>         </VirtualHost>
>
>         connecting to 424 gets me cert 1, and connecting to 444 gets
>         me cert 2.
>
>
>
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     <mailto:users-unsubscribe@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <mailto:users-help@httpd.apache.org>
>
>


Mime
View raw message