|
Home > Archive > Web Servers on Unix and Linux > May 2004 > More than 1 SSL certificate on a server
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
More than 1 SSL certificate on a server
|
|
| Andreas Breitschopp 2004-05-11, 8:23 pm |
| Hello together!
I've got the following problem:
At our server there should be 2 different domains with SSL, of course,
with 2 different IP addresses.
In the file "ssl_vhost.conf" (we are using Confixx 2.0 Prof.) I have
added 2 virtual hosts for that reasons, each with a different
self-made ssl certificate.
The "ssl_vhost.conf"-file looks as following:
----
NameVirtualHost *IP1*:443
NameVirtualHost *IP2*:443
<VirtualHost *IP1*:443>
[...]
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/certificate1.crt
SSLCertificateKeyFile /etc/apache/ssl.key/certificate1.key
</VirtualHost>
<VirtualHost *IP2*:443>
[...]
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/certificate2.crt
SSLCertificateKeyFile /etc/apache/ssl.key/certificate2.key
</VirtualHost>
----
Although as it can be seen above both IPs have different SSL
certificates the browser always gets the "certificate1" that causes
that the 1. page opens without error, but the 2. one displays an error
message that the domain name is invalid.
What have I done wrong in the configuration or what could the problem
be so that the server send always the first certificate to the
browser?
Thanks in advance for your help
Andreas
http://www.ab-archive.com
| |
| D. Stussy 2004-05-11, 8:23 pm |
| On Sun, 9 May 2004, Andreas Breitschopp wrote:
> Hello together!
>
> I've got the following problem:
> At our server there should be 2 different domains with SSL, of course,
> with 2 different IP addresses.
> In the file "ssl_vhost.conf" (we are using Confixx 2.0 Prof.) I have
> added 2 virtual hosts for that reasons, each with a different
> self-made ssl certificate.
>
> The "ssl_vhost.conf"-file looks as following:
> ----
> NameVirtualHost *IP1*:443
> NameVirtualHost *IP2*:443
> <VirtualHost *IP1*:443>
> [...]
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.crt/certificate1.crt
> SSLCertificateKeyFile /etc/apache/ssl.key/certificate1.key
> </VirtualHost>
> <VirtualHost *IP2*:443>
> [...]
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.crt/certificate2.crt
> SSLCertificateKeyFile /etc/apache/ssl.key/certificate2.key
> </VirtualHost>
> ----
>
> Although as it can be seen above both IPs have different SSL
> certificates the browser always gets the "certificate1" that causes
> that the 1. page opens without error, but the 2. one displays an error
> message that the domain name is invalid.
> What have I done wrong in the configuration or what could the problem
> be so that the server send always the first certificate to the
> browser?
>
> Thanks in advance for your help
>
> Andreas
> http://www.ab-archive.com
You have declared your VH's as NVH's, but you want CLASSICAL VH's.
Try removing the "NameVirtualHost" declarations and see if the problem goes
away. NVH implies that all those virtual hosts SHARE an IP address and requires
the reading of the incomimg "Host:" header in the request - which has already
been SSL encrypted using the first certificate. That's too late to use the
second VH's certificate.
|
|
|
|
|