httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Bachmann <mbachm...@google.com>
Subject Re: [users@httpd] wrong certs
Date Wed, 23 Oct 2013 13:36:15 GMT
Try your same config but use A for the ServerName in both VirtualHost
sections.  Based on what I've seen, you should then get 1.crt from either
port, and never get 2.crt, which seems like a bug.


On Wed, Oct 23, 2013 at 3:14 AM, Jan Vávra <vavra@602.cz> wrote:

>  Hello,
>  it is obvious you are using port based virtual host. My question was for
> assuring you have configured basics well.
>  So I suppose you have:
>
>
> Listen *:424 https
> <VirtualHost *:424>
> ServerName A
> SSLCertificateFile 1.crt
> *SSLCertificateKeyFile 1.key*
>
> #and probably also
> SSLCertificateChainFile chain.crt
>
> </VirtualHost>
>
>
> I have made a test and it works fine.
> I do not use wildcards, I directly specify the IP address.
>
> Listen 424 https
> Listen 444 https
> <VirtualHost 192.168.1.211:424>
>  ServerName A
>  SSLCertificateFile 1.crt
>  SSLCertificateKeyFile 1.key
> </VirtualHost>
>
> <VirtualHost 192.168.1.211:444>
>  ServerName B
>  SSLCertificateFile 2.crt
>  SSLCertificateKeyFile 2.key
> </VirtualHost>
>
> and in my hosts file there are recors
> 192.168.1.211 A
> 192.168.1.211 B
>
> Try to call httpd -S. In my case it shows
> VirtualHost configuration:
> ....
> 192.168.1.211:424      A (1.conf)
> 192.168.1.211:444      B (2.conf)
>
> For A and B I use some real names eg. www.mycompany1.cz, www.mycompany2.cz
> .
>
> Do you even know about name based virtual https host?
> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
> Most clients support this and I use it in production.
>
> Jan
>
>  The certificates are specified in port based virtual hosts, there is no
> NameVirtualHost here.  So I would expect the specified certificate to be
> served on the corresponding port no matter what host header was passed.
>
>
> On Tue, Oct 22, 2013 at 4:50 PM, Jan Vávra <vavra@602.cz> wrote:
>
>> Hello.
>>  For sure have you not forgotten specifying option SSLCertificateKeyFile
>>  ?
>>  What is the url you are using?
>>  If you use https://localost:424 instead of https://a:424, you can get
>> weird results.
>>
>>  I can also try it, if your problem persists. My last several years is
>> full of creating and using certificates ;-)
>>
>>  Jan.
>>
>>
>>  I two virtual hosts on different ports specify different certificate
>>> files, but use the same ServerName, both ports use the same certificate.
>>>  Is this expected behavior?
>>>
>>>
>>> With this config:
>>>
>>> Listen *:424 https
>>> <VirtualHost *:424>
>>> ServerName A
>>> SSLCertificateFile 1.crt
>>> </VirtualHost>
>>>
>>> Listen *:444 https
>>> <VirtualHost *:444>
>>> ServerName A
>>> SSLCertificateFile 2.crt
>>> </VirtualHost>
>>>
>>> connecting to either 424 or 444, I get cert 1.
>>>
>>> With this config:
>>>
>>> Listen *:424 https
>>> <VirtualHost *:424>
>>> ServerName A
>>> SSLCertificateFile 1.crt
>>> </VirtualHost>
>>>
>>> Listen *:444 https
>>> <VirtualHost *:444>
>>> ServerName B
>>> SSLCertificateFile 2.crt
>>> </VirtualHost>
>>>
>>> connecting to 424 gets me cert 1, and connecting to 444 gets me cert 2.
>>>
>>>
>>>
>>
>>  ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>

Mime
View raw message