[users@httpd] apache 2.2.13 ssl problem: wrong certificate being served

Tue, 27 Oct 2009 11:42:16 -0700

I'm running: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8k mod_jk/1.2.26
I have these two virtual hosts set up (I added a space between 'xten' and 'it' to keep search engines from picking this email up) : 


<VirtualHost 199.107.233.199:443 >
ServerName segments.xten it.com

<snip>

#use this virt host if the servername matches *.a.xten it.com
<VirtualHost 199.107.233.199:443 >
ServerName  a.xten it.com
#ServerName can't have a *, it has to go in ServerAlias
ServerAlias  *.a.xten it.com



I have these two virtual hosts because recently Firefox stopped 
accepting our certificate that had *.*.xten it.com as the CN.  I added a 
new virtual host with a new certificate for *.a.xten it.com and this 
setup works most of the time, but today I find that when I go to 
https://thomasnet-m.a.xten it.com/ in Firefox I'm getting a ssl cert 
warning because I'm getting the certificate for *.*.xten it.com instead 
of the certificate for *.a.xten it.com.  All other domains I have tried 
like https://jks-m.a.xten it.com/ do work.



Now here's the kicker: When I click through the warning in Firefox my 
logs show that I am going to the second virtual host, the one with the
that *.a certificate, even though I'm using the *.* certificate.  So how 
is it apache is sending me to the correct virtual host but serving up 
the wrong certificate?


More tidbits:
 I have the exact same setup on port 444, but port 444 is fine.

 This was working for me yesterday.  I restarted my desktop since then, 
but not apache.
 My browser is: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) 
Gecko/20090909 Fedora/3.5.3-1.fc11 Firefox/3.5.3
 This problem has happened a few times since I installed the new 
certificate but hasn't been reliably reproduceable.

 Firefox 3.5.3 for windows (run in wine) does not have this problem.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org























					Reply via email to