Actually, the answer is RTFM.. You can not have multiple SSL vhosts responding to one IP/port combination.. The FIRST SSL vhost will ALWAYS respond when making the connection.. This is due to how the protocol works..
Refer http://marc.theaimsgroup.com/?l=apache-modssl&m=98576871506980&w=2 for more info Rgds Jeff ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 15, 2003 4:47 PM Subject: Re: problem installing cert on virtual host > On 14 Mar 2003 at 17:14, Dan McComb wrote: > > > Thanks Beau, > > > > Here's the pertinent bits (this file may look a bit strange -- it's a > > Mac OS X Server conf file, but functions in almost every way like > > traditional http.conf file): > > [...] > > > > On Friday, March 14, 2003, at 04:58 PM, [EMAIL PROTECTED] wrote: > > > > > On 14 Mar 2003 at 16:20, Dan McComb wrote: > > > > > >> I've successfully installed one virtual host on my server to listen on > > >> port 443, and it's been running great. But when I added another > > >> virtual > > >> host directive to listen on same port further down in the file, I find > > >> that the first listener is the one that "picks up" the request. This > > >> results in an error in IE: "the identity certificate name is not > > >> correct." If I comment out the first virtual host, the problem > > >> disappears and the second one works fine. I need them to work > > >> together... > > >> > > >> Anyone know how can I configure my virtual hosts/httpd.conf to avoid > > >> this problem? > > >> > > >> /dan mccomb > > >> > > >> ---------------------------------------------------------------------- > > >> -- > > >> ------------ > > >> > > > [...] > > Hi - > > I see nothing wrong with your conf file. I have some > suggestions: > > * since your SSL servers work one at a time, perhaps > this is not an SSL problem. Remember, the first > vhost is the 'default': any request that does > not match a name (within that ip:port group) > is sent to that first server. Why don't you comment > out the SSL directives, change the ports to 80, > and see if you can browse to each vhost? > > * in the same vein, is you bind (dns) server setup > OK? > > * you may want to look at each server cert: > > openssl rsa -noout -text -in <whetever>.crt > > the subject CN should match the server name. > > * if you certs are self-signed, your browser > will give you an error - that the CA is not > recognized as trusted - but everything else > should be OK if your CN matches the server > name. > > Let me know how it goes... > > Aloha => Beau; > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
