Hello,
I have some virtual hosts and would like to run SSL with different
certificates on each. Having followed the following how-to,
http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL and
rebuilding apache with SNI support, I am having some issues in that
domain2.com only returns the server.crt and not the one specified in my
rule.
Here are the relevant conf files and setup:
.
|-- httpd.conf
|-- magic
|-- modules.d
|   |-- 00_apache_manual.conf
|   |-- 00_default_settings.conf
|   |-- 00_error_documents.conf
|   |-- 00_languages.conf
|   |-- 00_mod_autoindex.conf
|   |-- 00_mod_info.conf
|   |-- 00_mod_log_config.conf
|   |-- 00_mod_mime.conf
|   |-- 00_mod_status.conf
|   |-- 00_mod_userdir.conf
|   |-- 00_mpm.conf
|   |-- 10_mod_mem_cache.conf
|   |-- 12_mod_auth_mysql.conf
|   |-- 27_mod_proxy_html.conf
|   |-- 40_mod_ssl.conf
|   |-- 45_mod_dav.conf
|   |-- 46_mod_ldap.conf
|   |-- 47_mod_dav_svn.conf
|   |-- 70_mod_php5.conf
|   |-- 75_mod_perl.conf
|   |-- 80_mod_auth_pgsql.conf
|   |-- 99_mod_security.conf
|   |-- mod_security
|   `-- postinst-en.txt
|-- ssl
|   |-- domain_one.csr
|   |-- domain_one.key
|   |-- domain_one.crt
|   |-- server.crt
|   |-- server.key
|   |-- domain_two.csr
|   |-- domain_two.key
|   `-- domain_two.crt
`-- vhosts.d
    |-- 00_default_ssl_vhost.conf
    |-- 00_default_vhost.conf
    |-- domain_one.conf
    `-- domain_two.conf
#######
#domain_one.conf
<VirtualHost *:80>
ServerName domain_one.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*) http://domain_one.com:7080/VirtualHostBase/http/domain_one.com:80/sites/site1/VirtualHostRoot/$1 [L,P]
</IfModule>
ErrorLog /var/log/apache2/domain_one_error.log
<IfModule mod_log_config.c>
CustomLog /var/log/apache2/domain_one_access.log combined
</IfModule>
RewriteLog /var/log/apache2/domain_one_rewrite_log
</VirtualHost>
<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/domain_one.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain_one.key
ServerName domain_one.com
SSLOptions StrictRequire
SSLProtocol all -SSLv2
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*) http://domain_one.com:7080/VirtualHostBase/https/domain_one.com:443/sites/site1/VirtualHostRoot/$1 [L,P]
</IfModule>
<IfModule mod_log_config.c>
TransferLog /var/log/apache2/domain_one_ssl_access_log
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule mod_log_config.c>
CustomLog /var/log/apache2/domain_one_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>
#######
#domain_two.conf
is the same as domain_one, with the only difference being the entries
for the RewriteRule
RewriteRule ^/(.*) http://domain_two.com:7080/VirtualHostBase/https/domain_two.com:443/sites/site2/VirtualHostRoot/$1 [L,P]
and the
SSLCertificateFile /etc/apache2/ssl/domain_two.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain_two.key
and also the logs, etc.
Now my issue is that everything seems to work OK for domain_one.com, but
every time I try to access domain_two.com I get the certificate for the
machine, that is, server.crt and not domain_two.crt.
This is not the case in domain_one.com, where the correct certificate is
displayed.
Even if I put the certificate for domain_one, I get the server.crt
certificate showing.
Any ideas on how to solve this problem? And how to test that SNI is working?
I have Apache 2.2.8.
Many thanks
Norman
%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26)
for c in ",adym,*)&uzq^zqf" ] )
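
One way to answer the "how to test SNI" question, as an added example that is not part of the original post: handshake once without SNI and once per name, then compare the SHA-256 of the certificate the server returns each time. The function names, the SAMPLE digests and the fixed port 443 are assumptions of this example.

```python
import hashlib
import socket
import ssl
import sys

# Constructed sample mirroring the symptom in the post (digests shortened, not real).
SAMPLE = {None: "5e7e", "domain_one.com": "d0a1", "domain_two.com": "5e7e"}


def leaf_fingerprint(addr, port, sni, timeout=5.0):
    """SHA-256 of the certificate the server presents for this SNI name.

    sni=None sends a ClientHello without the server_name extension.
    Verification is off on purpose: the goal is only to see which cert comes back.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def classify(fingerprints):
    """fingerprints: {sni_name_or_None: digest}; the None key is the no-SNI baseline.

    Returns {name: verdict}:
      'default-cert'  same certificate as the no-SNI handshake
      'shared-cert'   differs from the default but equals another name's cert
      'own-cert'      unique to this name
    """
    default = fingerprints[None]
    verdicts = {}
    for name, fp in fingerprints.items():
        if name is None:
            continue
        others = [f for n, f in fingerprints.items() if n not in (None, name)]
        if fp == default:
            verdicts[name] = "default-cert"
        elif fp in others:
            verdicts[name] = "shared-cert"
        else:
            verdicts[name] = "own-cert"
    return verdicts


if __name__ == "__main__":
    # usage: sni_check.py <server address> <name1> <name2> ...
    addr, names = sys.argv[1], sys.argv[2:]
    fps = {n: leaf_fingerprint(addr, 443, n) for n in [None] + names}
    for name, verdict in classify(fps).items():
        print(f"{name}: {verdict} ({fps[name][:16]})")
```

A `default-cert` verdict for a name that should have its own certificate means the server chose the certificate without using the SNI name; a name served by the default vhost matches the baseline legitimately.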