>From my experience the configuration file is a top down processing. If you repeat a setting multiple times it will usually take the last setting. In this example it wouldn't surprise me if you repeat the setting of virtual server with the same value, it returns an error trying to match the certificate name on the second certificate.
If the virtual server name is not used the reverse DNS lookup finds the appropriate name equivalent to the ip address. Kevin http://kevincastellow.workintel.com On Fri, May 14, 2010 at 4:51 PM, Reinhard Vicinus <r.vici...@metaways.de>wrote: > Hi, > > is the following behaviour of apache 2.2.15 (debian unstable) a feature or > a bug? > > Listen 10.0.0.1:81 > <VirtualHost 10.0.0.1:81> > SSLEngine on > SSLCertificateFile /etc/apache2/conf/aaa.crt > SSLCertificateKeyFile /etc/apache2/conf/aaa.key > > ServerName aaa > </VirtualHost> > > Listen 10.0.0.2:81 > <VirtualHost 10.0.0.2:81> > SSLEngine on > SSLCertificateFile /etc/apache2/conf/bbb.crt > SSLCertificateKeyFile /etc/apache2/conf/bbb.key > > ServerName aaa > </VirtualHost> > > > > curl https://bbb:81 > SSL: certificate subject name 'aaa' does not match target host name 'bbb' > > > curl https://10.0.0.2:81 > SSL: certificate subject name 'aaa' does not match target host name > '10.0.0.2' > > if i remove or change the ServerName directive so that they differ then it > works as expected and certificate bbb is returned. If i switch the order of > the virtual host configuration certificate bbb is also used if i query > 10.0.0.1:81. > > Thanks in advance > Reinhard > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
