Are you sure that your client supports SNI?
On 16/04/2012 19:21, Tom Evans wrote:
> On Mon, Apr 16, 2012 at 4:51 PM, Mikhail T. <mi+t...@aldan.algebra.com> wrote:
>> On 16.04.2012 11:40, Tom Evans wrote:
>>
>> They can. Excerpt from my httpd.conf:
>>
>> Your excerpt does not show different DocumentRoots -- nor any other
>> settings... Could you show more contents? What is the Apache version you are
>> using? In all my attempts, Apache a) issues a pointless warning about
>> multiple SSL vhosts on the same IP/port; b) uses the settings (including
>> DocumentRoot) from the first vhost encountered for all of them.
>>
> Er, OK:
>
> # Declare name-based virtual hosting on every local address for ports 80 and 443.
> # For the :443 hosts, picking the vhost by name during the TLS handshake depends
> # on the client sending SNI, which is what this thread is about.
> NameVirtualHost *:80
> NameVirtualHost *:443
>
>
> # TLS vhost for rc.xxxxxx.com: client-certificate gate in front of a FastCGI application.
> <VirtualHost *:443>
> ServerName rc.xxxxxx.com
>
> SSLEngine on
> # NOTE(review): the directive name and its value appear to have been split by mail
> # wrapping; in httpd.conf they belong on one line.
> # NOTE(review): in this cipher string the "+LOW", "+SSLv2" and "+EXP" terms only move
> # those suites to the end of the preference list; they remain enabled through "ALL".
> # Only anonymous-DH and 56-bit export suites are removed. Restrict the list to strong
> # suites and set SSLProtocol explicitly (no SSLProtocol line is shown in this excerpt).
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> # Server certificate and key; the same star.xxxxxx.com files are referenced by every
> # vhost in this excerpt (the path suggests a wildcard certificate -- confirm).
> SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
> SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
> # CA certificate(s) against which client certificates are verified.
> SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
> # Clients rejected by the certificate check get this page, served from the /errors alias.
> ErrorDocument 403 /errors/certneeded.html
> Alias /errors /usr/local/etc/apache22/xxxxxxerrors
> # The certificate is only requested, not required, at handshake time; enforcement
> # happens in the LocationMatch below.
> SSLVerifyClient optional
>
> # Negative lookahead: applies to every path that does not start with /errors/, so the
> # 403 page stays reachable without a certificate while everything else requires a
> # successfully verified one.
> <LocationMatch ^(?!/errors/)>
> SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
> SSLVerifyClient optional
> </LocationMatch>
>
> # Depth 1: the client certificate must be issued directly by a CA known to the server.
> SSLVerifyDepth 1
> # Revoked client certificates are rejected using this CRL file.
> # NOTE(review): a file-based CRL is only as current as its last refresh -- confirm
> # how it is updated.
> SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
> SSLOptions +StdEnvVars
> # The authenticated user name is taken from the e-mail field of the certificate subject.
> SSLUserName SSL_CLIENT_S_DN_Email
> # "set" replaces any X-SSL-Enabled value sent by the client.
> # NOTE(review): the application should trust this header only on requests that
> # arrive through this server.
> RequestHeader set X-SSL-Enabled 1
>
> DocumentRoot /usr/home/tom/projects/rc/htdocs
>
> # No host-based restriction here; access control rests on the certificate check above.
> <Directory /usr/home/tom/projects/rc/htdocs>
> Order allow,deny
> Allow from all
> </Directory>
>
> # Disabled access log recording TLS protocol and cipher per request; the second line
> # looks like a mail-wrapped continuation of the commented-out directive.
> #CustomLog /var/log/httpd-ssl-rc.log "%t %h %{SSL_PROTOCOL}x
> %{SSL_CIPHER}x \"%r\" %b"
>
> SetEnv proxy-nokeepalive 1
>
> # Every request except those whose URI starts with /favicon.ico, /media, /amedia or
> # /errors is handed to the FastCGI endpoint, keeping the query string.
> RewriteEngine on
> RewriteCond %{REQUEST_URI} !^/favicon.ico
> RewriteCond %{REQUEST_URI} !^/media
> RewriteCond %{REQUEST_URI} !^/amedia
> RewriteCond %{REQUEST_URI} !^/errors
> RewriteRule ^/(.*)$ /rc.fcgi/$1 [QSA,L]
>
> # Maps rc.fcgi to an externally managed FastCGI process reached over a Unix socket
> # (the -socket argument appears mail-wrapped onto its own line).
> FastCGIExternalServer /usr/home/tom/projects/rc/htdocs/rc.fcgi
> -socket /usr/home/tom/projects/rc/run/rc.socket
> </VirtualHost>
>
>
> # TLS vhost for sab.xxxxxx.com: client-certificate gate in front of a reverse proxy.
> <VirtualHost *:443>
> ServerName sab.xxxxxx.com
>
> SSLEngine on
> # NOTE(review): the directive name and its value appear split by mail wrapping.
> # NOTE(review): "+LOW", "+SSLv2" and "+EXP" only reorder those suites to the end of
> # the list; they stay enabled through "ALL". Restrict the list to strong suites and
> # set SSLProtocol explicitly (not shown in this excerpt).
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
> SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
> # CA certificate(s) against which client certificates are verified.
> SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
> # Certificate is requested but not required at handshake; enforced per path below.
> SSLVerifyClient optional
>
> ErrorDocument 403 /errors/certneeded.html
> Alias /errors /usr/local/etc/apache22/xxxxxxerrors
>
> # Every path not starting with /errors/ requires a successfully verified client
> # certificate; /errors/ stays open so the 403 page can be delivered.
> <LocationMatch ^(?!/errors/)>
> SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
> SSLVerifyClient optional
> </LocationMatch>
>
> # Depth 1: the client certificate must be issued directly by a CA known to the server.
> SSLVerifyDepth 1
> # NOTE(review): a file-based CRL is only as current as its last refresh -- confirm
> # how it is updated.
> SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
> SSLUserName SSL_CLIENT_S_DN_Email
> SSLOptions +StdEnvVars
> # "set" replaces any X-SSL-Enabled value sent by the client before proxying.
> RequestHeader set X-SSL-Enabled 1
>
> # No local content is served; everything except /errors is proxied.
> DocumentRoot /var/empty
>
> <Directory /var/empty>
> Order allow,deny
> Allow from all
> </Directory>
>
> # /errors is excluded from proxying so the local 403 page is used.
> ProxyPass /errors !
> # NOTE(review): the hop to the backend is plain HTTP, and the certificate check
> # happens only on this server. The backend presumably needs to be unreachable
> # except through this proxy -- confirm network restrictions on port 8085.
> ProxyPass / http://ethan.xxxxxx.com:8085/sabnzbd/ retry=0
> ProxyPassReverse / http://ethan.xxxxxx.com:8085/sabnzbd/
> SetEnv proxy-nokeepalive 1
> </VirtualHost>
>
> # TLS vhost for svn.xxxxxx.com: client-certificate gate in front of a Subversion
> # repository served through mod_dav_svn.
> <VirtualHost *:443>
> ServerName svn.xxxxxx.com
>
> SSLEngine on
> # NOTE(review): the directive name and its value appear split by mail wrapping.
> # NOTE(review): "+LOW", "+SSLv2" and "+EXP" only reorder those suites to the end of
> # the list; they stay enabled through "ALL". Restrict the list to strong suites and
> # set SSLProtocol explicitly (not shown in this excerpt).
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
> SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
> # CA certificate(s) against which client certificates are verified.
> SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
> # Certificate is requested but not required at handshake; enforced per path below.
> SSLVerifyClient optional
>
> ErrorDocument 403 /errors/certneeded.html
> Alias /errors /usr/local/etc/apache22/xxxxxxerrors
>
> # The whole URL space of this vhost is the repository at SVNPath.
> # NOTE(review): no path-based authorization is shown in this excerpt, so any client
> # whose certificate verifies can presumably reach the entire repository -- confirm.
> <Location />
> DAV svn
> SVNPath /tank/svn/repos/devel
> </Location>
>
> # Every path not starting with /errors/ requires a successfully verified client
> # certificate; /errors/ stays open so the 403 page can be delivered.
> <LocationMatch ^(?!/errors/)>
> SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
> SSLVerifyClient optional
> </LocationMatch>
>
> # Depth 1: the client certificate must be issued directly by a CA known to the server.
> SSLVerifyDepth 1
> # NOTE(review): a file-based CRL is only as current as its last refresh -- confirm
> # how it is updated.
> SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
> # The authenticated user name is taken from the e-mail field of the certificate subject.
> SSLUserName SSL_CLIENT_S_DN_Email
> </VirtualHost>
>
> This is httpd 2.2.21 btw
>
> Cheers
>
> Tom