Hello,
I am trying to use multiple name-based virtual hosts with mod_ssl. The
system is running Mandrake 7.1 with mod_ssl-2.6.4. The virtual hosts
definition work fine with one gotcha, the first certificate/private key pair
is being used for both virtual hosts. The configuration file looks like
this:
###################
NameVirtualHost IPAddr1:443
<VirtualHost IPAddr1:443>
DocumentRoot /home/httpd/site1/html
ServerName site1.domain
ErrorLog logs/ssl-error_log
TransferLog logs/ssl-access_log
SSLEngine on
SSLCertificateFile conf/ssl/site1.domain.crt
SSLCertificateKeyFile conf/ssl/site1.domain.key
...Location/directory specific directives ....
</VirtualHost>
NameVirtualHost IPAddr1:443
<VirtualHost IPAddr1:443>
DocumentRoot /home/httpd/site2/html
ServerName site2.domain
ErrorLog logs/ssl-error_log
TransferLog logs/ssl-access_log
SSLEngine on
SSLCertificateFile conf/ssl/site2.domain.crt
SSLCertificateKeyFile conf/ssl/site2.domain.key
...Location/directory specific directives ....
</VirtualHost>
####################
If I try to establish a secure connection to either site1 or site2, then I
get appropriate the pages and access for that site based on the document
root and the location/directory specific directives. However when I connect
to site2, I get a browser error stemming from a name mismatch between the
site name and the site certificate. When I check the detailed information
for the server certificate, it's showing me the information for the
certificate of site1, even though I retrieve the pages for site 2. Can't
mod_ssl handle separate certificates for each vhost? If not, then why are
the SSSCertificate(Key)File directives used in <VirtualHost> instead of
being global?
Thank you,
Paul-Andre Panon
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
