LinuxQuestions.org
Old 06-17-2010, 07:51 PM   #1
janstapel
LQ Newbie
 
Registered: Jul 2009
Posts: 1

Rep: Reputation: 0
Apache with SSL does not load the 2nd SSL certificate


Hello,

I am running Apache 2.2.13 with SSL and SNI enabled.

This is what the virtual host portions look like:

<VirtualHost *:443>
    ServerAdmin support@itherd.com
    DocumentRoot /srv/www/apps/login.itherd.com/
    ServerName login.itherd.com
    ErrorLog /var/log/apache2/login.itherd.com-error_log
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt/login.itherd.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/login.itherd.com.key
    <Directory "/srv/www/apps/login.itherd.com/">
        AllowOverride None
        Options ExecCGI
        AddHandler cgi-script cgi pl
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin support@clubherd.com
    DocumentRoot /srv/www/apps/app.clubherd.com/
    ServerName app.clubherd.com
    ErrorLog /var/log/apache2/club.clubherd.com-error_log
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt/app.clubherd.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/app.clubherd.com.key
    <Directory "/srv/www/apps/app.clubherd.com/">
        AllowOverride None
        Options ExecCGI
        AddHandler cgi-script cgi pl
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

When I start Apache it asks me for the pass phrase for the second host (both hosts have one).

When I browse to the first host it has recognized and loaded its certificate. When I go to the second server I get an untrusted message because it is using the first certificate.

I have found and followed the directions of several web posts:
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
http://en.gentoo-wiki.com/wiki/Apach..._Virtual_Hosts

Any help is greatly appreciated.

Last edited by janstapel; 06-17-2010 at 08:01 PM.
 
Old 06-17-2010, 10:32 PM   #2
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: PCLinuxOS 2010.12, Debian Lenny
Posts: 387

Rep: Reputation: 38
This is because SSL operates at a lower level than the level hostnames/domain names are transmitted at. So the SSL connection is made before the mention of a domain name.

Thus it is commonly known that you can't have more than 1 443/HTTPS server on 1 IP address.

The only way to get it working is to use a wildcard cert, like I have. A *.domain.com cert works on many domains then.
See startssl.com

Or get more IP addresses.

HTH
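
Added example, not part of either post: a small Python lint for the prerequisites of name-based SSL virtual hosts on Apache 2.2 (the version in the first post), where several `<VirtualHost *:443>` blocks sharing an address need a matching `NameVirtualHost` directive, otherwise the first block and its certificate answer every request. The sample config is constructed from the posted vhosts, and `parse` and `lint` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the two vhosts in the first post (trimmed).
SAMPLE = """\
<VirtualHost *:443>
    ServerName login.itherd.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt/login.itherd.com.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName app.clubherd.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt/app.clubherd.com.crt
</VirtualHost>
"""

def parse(conf):
    """Return (NameVirtualHost addresses, [(address, directives)] per vhost)."""
    name_vhosts, vhosts, current = set(), [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I)
        if opened:
            current = {}
            vhosts.append((opened.group(1), current))
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif line and line[0] not in "<#":  # skip comments and container tags
            key, value = (line.split(None, 1) + [""])[:2]
            if current is not None:
                current.setdefault(key.lower(), value)
            elif key.lower() == "namevirtualhost":
                name_vhosts.add(value)
    return name_vhosts, vhosts

def lint(conf):
    """List problems that keep Apache 2.2 from choosing a vhost (and cert) by name."""
    name_vhosts, vhosts = parse(conf)
    problems, by_addr = [], {}
    for addr, directives in vhosts:
        by_addr.setdefault(addr, []).append(directives)
        for needed in ("servername", "sslcertificatefile"):
            if needed not in directives:
                problems.append(f"{addr}: vhost is missing {needed}")
    for addr, group in by_addr.items():
        if len(group) > 1 and addr not in name_vhosts:
            first = group[0].get("servername", "(unnamed)")
            problems.append(f"{addr}: {len(group)} vhosts but no NameVirtualHost; "
                            f"{first} answers for all of them")
    return problems
```

Run `lint()` over the full server config (main file plus includes concatenated), since `NameVirtualHost` usually lives outside the vhost files.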
 
  

