Thanks Serge. I actually saw this and it had me confused because the name based virtual host is working fine (in the sense that I am getting the right content back from each virtual host) but the second host was using the first host's cert. I'll switch to IP based virtuals. Thanks!
Mark On 09/05/07, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
You can't have 2 different SSL certificates on one IP address. See the FAQ. On 5/9/07, Mark Drummond <[EMAIL PROTECTED]> wrote: > Hi all, > > I have two different key files and their associated certs in PEM encoded > files. I have two virtualhosts defined. The virtualhosts are working fine, > in as much as they are pointing at different doc roots and I can browse to > each virtual host. But both virtuals are using the cert of the first virtual > in the config file. The second virtual is not using it's own cert, even > though it's cert directives are pointing at it's own key and cert files. The > below is an edited version of my configuration. > > <VirtualHost *:443> > ServerName server1 > DocumentRoot "/server1" > SSLEngine on > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA: > +HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile server1.crt > SSLCertificateKeyFile server1.key > </VirtualHost> > > <VirtualHost *:443> > ServerName server2 > DocumentRoot "/server2" > SSLEngine on > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile server2.crt > SSLCertificateKeyFile server2.key > </VirtualHost> > > So when I browse to https://server2, firefox has "server2" down in the > bottom right corner of the browser window, but if I bring up the security > dialog and look at the cert, it is the server1 cert. > > Any ideas? > > Apache 2.0.59 binary build from sunfreeware.com plus supporting tools. Keys > and certs are self-signed, generated with openssl. > > Mark > > -- > Georgia: Why am I not doing what they're doing? > Rube: Because you're doing what you're doing. When it's time for you to do > something else you'll do that. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Georgia: Why am I not doing what they're doing? Rube: Because you're doing what you're doing. When it's time for you to do something else you'll do that.
