Hi all,
This morning we migrated 4 of our websites to a new server. Each of
these websites uses a certificate for https connections. We've got only
one Apache instance running with 4 virtual hosts on 4 different
IP-addresses.
This worked fine on the old server. But since the move this morning
Apache sends the certificate for the first VirtualHost to all 4
IP-addresses. Two of these sites need an additional
SSLCertificateChainFile, and this file is sent *correctly* depending on
the IP-address. So Apache does see 4 different VirtualHosts, but somehow
ignores the individual SSLCertificateFiles.
Here is the relevant part of httpd.conf for these 4 hosts:
-----
Listen xxx.xxx.198.62:443
NameVirtualHost xxx.xxx.198.62:443
<VirtualHost xxx.xxx.198.62:443>
SSLEngine On
SSLCertificateChainFile chain1
SSLCertificateFile crt1
SSLCertificateKeyFile key1
</VirtualHost>
Listen xxx.xxx.198.61:443
NameVirtualHost xxx.xxx.198.61:443
<VirtualHost xxx.xxx.198.61:443>
SSLEngine On
SSLCertificateChainFile chain2
SSLCertificateFile crt2
SSLCertificateKeyFile key2
</VirtualHost>
Listen xxx.xxx.198.63:443
NameVirtualHost xxx.xxx.198.63:443
<VirtualHost xxx.xxx.198.63:443>
SSLEngine On
SSLCertificateFile crt3
SSLCertificateKeyFile key3
</VirtualHost>
Listen xxx.xxx.198.64:443
NameVirtualHost xxx.xxx.198.64:443
<VirtualHost xxx.xxx.198.64:443>
SSLEngine On
SSLCertificateFile crt4
SSLCertificateKeyFile key4
</VirtualHost>
-----
The old server is still up and running. I've upgraded Apache on that
system to the same version (2.0.58) and copied httpd.conf to that
machine. The above configuration somehow works correctly there.
I've been trying to debug this using "openssl s_client -state -connect"
and I do see some relevant differences, but I've been unable to
interpret them.
I know this report lacks a lot of possibly relevant details. But I
didn't want to send the whole httpd.conf and all of the terminal output
to this list.
Is there an obvious mistake in my configuration? Or have I stumbled on a
bug in Apache 2.0.58?
Kind regards,
Frank.
--
Frank van Beek
WAXTRAPP BV
van Diemenstraat 366
1013CR Amsterdam
The Netherlands
Phone: +31 (0)20 672 2308
Fax: +31 (0)20 672 2488
http://www.waxtrapp.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
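
One way to turn the manual "openssl s_client" comparison described in the post into a repeatable check, as an added example that is not part of the original message: it maps each VirtualHost address to its SSLCertificateFile and compares that file's fingerprint with the certificate actually served on that address. The function names, the 192.0.2.x addresses and the sample configuration are constructed for illustration.

```python
import hashlib
import re
import ssl

# Constructed sample in the layout of the post; 192.0.2.x are placeholder addresses.
SAMPLE_CONF = """
<VirtualHost 192.0.2.62:443>
SSLEngine On
SSLCertificateChainFile chain1
SSLCertificateFile crt1
</VirtualHost>
<VirtualHost 192.0.2.61:443>
SSLEngine On
SSLCertificateFile crt2
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)
# Anchored at line start so SSLCertificateChainFile and commented lines do not match.
CERT_RE = re.compile(r"^\s*SSLCertificateFile\s+(\S+)", re.M | re.I)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def expected_certs(conf_text):
    """Map each VirtualHost address to its configured SSLCertificateFile."""
    out = {}
    for addr, body in VHOST_RE.findall(conf_text):
        m = CERT_RE.search(body)
        if m:
            out[addr] = m.group(1)
    return out

def pem_fingerprint(pem_text):
    """SHA-256 over the DER form of the first certificate in a PEM string."""
    first = PEM_RE.search(pem_text).group(0)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()

def served_fingerprint(addr):
    """Fingerprint of the leaf certificate presented on ip:port (no validation)."""
    host, port = addr.rsplit(":", 1)
    return pem_fingerprint(ssl.get_server_certificate((host, int(port))))

def audit(conf_text, read_file, fetch=served_fingerprint):
    """Return {addr: (cert_file, served_matches_config)} for every SSL vhost."""
    result = {}
    for addr, path in expected_certs(conf_text).items():
        result[addr] = (path, pem_fingerprint(read_file(path)) == fetch(addr))
    return result
```

Against a live server, call audit() with the text of httpd.conf and a read_file function that returns the contents of each certificate path; a False entry marks an address that serves a certificate other than the one configured for it.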