I've set up Apache to handle named Virtual Hosts with SSL; however, there is 
something I am missing because it doesn't work. This is my first time trying 
multiple SSL hosting; however, I have had one SSL domain working for years on 
this server.

The certificates check out because if I comment out the section for domain1.com 
then domain2.com works perfectly in the browser, i.e.: no warning message and 
straight into https://www.domain2.com seamlessly. Of course domain1.com gives 
the "untrusted certificate" warning since it's the wrong certificate the 
browser is getting.

When I uncomment the lines for domain1.com then domain1.com will work 
seamlessly as domain2.com did but now domain2.com will give the "untrusted 
certificate" warning in the browser, so Apache is defaulting to the first 
certificate it finds to serve up to the browser.

I can't find any more to do to make this work, so I'm hoping someone who has 
made this work could look at my Apache configuration and tell me what I am 
doing wrong.

I also checked the Apache log and I get this message:

    [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

which from what I read means that Apache is properly set up for Name-based 
Virtual domains with SSL.

The software is:

    openSUSE 11.4
    Apache 2.2.17
    OpenSSL 1.0.0c
    Firefox 12.0 Linux & Windows, IE7 Vista

I've checked all of the above software versions and as far as I can see it is 
all new enough to work with SNI.

Any help really appreciated!
Reg

Relevant Apache configuration:

  Listen 443
  NameVirtualHost *:443

  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl
  SSLPassPhraseDialog  builtin
  SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache(512000)
  SSLSessionCacheTimeout  600
  SSLMutex  default
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin

  <Directory "/srv/www/vhosts/live/m/multi-001/www">
     Options none
     AllowOverride all
     Order allow,deny
     Allow from all
  </Directory>

  # Old stuff we'll probably never use
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
  </Files>
  <Directory "/srv/www/cgi-bin">
     SSLOptions +StdEnvVars
  </Directory>
  SetEnvIf User-Agent ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
  #
  # www.domain1.com
  #
  # Live: live/www.domain1.com
  <VirtualHost *:443>
      DocumentRoot "/srv/www/vhosts/live/m/multi-7/www/"
      ServerName domain1.com:443
      ServerAlias www.domain1.com:443
      ServerAdmin webmas...@domain1.com
      <Directory "/srv/www/vhosts/live/m/multi-7/www">
        Options none
        AllowOverride all
        Order allow,deny
        Allow from all
      </Directory>
      SSLEngine on
      SSLCertificateFile /etc/ssl/private/crt/domain1.com.crt
      SSLCertificateKeyFile /etc/ssl/private/key/domain1.com.key
      SSLCertificateChainFile /etc/ssl/private/bundle/domain1.com.crt.bundle
      CustomLog   '/var/log/apache2/d/domain1.com_reqst'   ssl_combined
      ErrorLog    '/var/log/apache2/d/domain1.com_error'
      RewriteLog  '/var/log/apache2/d/domain1.com_rewri'
  </VirtualHost>
  #
  # www.domain2.com
  #
  # Live: live/www.domain2.com
  <VirtualHost *:443>
    DocumentRoot "/srv/www/vhosts/live/m/multi-7/www/"
    ServerName domain2.com:443
    ServerAlias www.domain2.com:443
    ServerAdmin webmas...@domain2.com
    <Directory "/srv/www/vhosts/live/m/multi-7/www">
      Options none
      AllowOverride All
      Order allow,deny
      Allow from all
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/ssl/private/crt/domain2.com.crt
    SSLCertificateKeyFile /etc/ssl/private/key/domain2.com.key
    SSLCertificateChainFile /etc/ssl/private/bundle/domain2.com.crt.bundle
    CustomLog  '/var/log/apache2/d/domain2.com_acces' ssl_combined
    ErrorLog   '/var/log/apache2/d/domain2.com_error'
    RewriteLog '/var/log/apache2/d/domain2.com_rewri'
  </VirtualHost>
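
Added example (not part of the original post and not Apache's own code): a simplified Python model of name-based vhost selection, run over the name directives from the configuration above. It assumes the requested hostname is compared case-insensitively against the ServerName host and against each ServerAlias string verbatim, with the first <VirtualHost> block as the default; wildcard aliases are ignored, and parse_vhosts, select_vhost and aliases_with_port are hypothetical helper names.

```python
import re

# Constructed sample: only the name directives of the two vhosts posted above.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName domain1.com:443
    ServerAlias www.domain1.com:443
</VirtualHost>
<VirtualHost *:443>
    ServerName domain2.com:443
    ServerAlias www.domain2.com:443
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        vh = {"name": None, "aliases": []}
        for line in body.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            if parts[0].lower() == "servername" and len(parts) > 1:
                # ServerName takes an optional :port, kept apart from the hostname.
                vh["name"] = re.sub(r":\d+$", "", parts[1]).lower()
            elif parts[0].lower() == "serveralias":
                # Assumption: alias strings are compared as written, port suffix included.
                vh["aliases"] += [a.lower() for a in parts[1:]]
        vhosts.append(vh)
    return vhosts

def select_vhost(vhosts, sni_host):
    """Index of the vhost that answers sni_host; the first block is the default."""
    host = sni_host.lower()
    for i, vh in enumerate(vhosts):
        if host == vh["name"] or host in vh["aliases"]:
            return i
    return 0

def aliases_with_port(vhosts):
    """Alias entries with a :port suffix, which a bare hostname never equals."""
    return [a for vh in vhosts for a in vh["aliases"] if re.search(r":\d+$", a)]

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    for host in ("domain1.com", "www.domain1.com", "domain2.com", "www.domain2.com"):
        print(host, "-> vhost", select_vhost(vhosts, host))
    print("aliases with port:", aliases_with_port(vhosts))
```

Under that assumption a request for www.domain2.com matches neither block and is answered by the first one, which is consistent with the certificate warning described above. Listing the aliases without the port suffix is the change to test.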
