SSL Name Based Virtual Hosts Apache with SNI enabled not working as expected
I was asking about if it would be possible to use different security certs on 2 different virtual hosts based on their name, they both work on the same IP address 192.168.0.1 for example.
I was told the option named 'SSLStrictSNIVHostCheck' could be set to off to allow for this to work after reading: I looked at this site: http://en.wikipedia.org/wiki/Server_Name_Indication Which explains that my version of apache which is: Quote:
This config here is what I have setup for SSL: Quote:
http://www.linuxquestions.org/questi...6/#post4590891 my none ssl based sites. The problem actually is that when I go to say host www.myhost2.me.uk I get www.myhost1.co.uk's cert. And I of course get www.myhost1.co.uk's cert when I go to the www.myhost1.co.uk site if that makes any sense? Have I setup SSL with SNI option correctly? Any replies are much appreciated as usual! |
Hi,
Try to use plain: Code:
ServerName www.myhost1.co.uk |
Just without the virtualhost tags so omit those you mean?
Thanks for your speedy reply, Jez |
No, inside each of the 2 <VirtualHost ..> containers leave the ServerName without the trailing ":443"
|
Depending on what you have in mind you may be better off with a multi-domain certificate for the IP address instead, SNI does rely on the client browser being SNI aware/compatible so you might want to take a look at wikipedia to see if you'll run in to problems with your desired audience.
|
Oh yes of course, I can't imagine right now anyone really using my webmail access which is what I wanted to use it for it's really just for me and my mailadmin being able to add alias users to mailboxes and things like that I use it for but my own personal use.
All the browsers I do use are compatible with this config, but if that should change then I will reassess my needs, thanks for the info though makes perfect sense I will mark this as solved though as it's completed what I wanted to achieve and many thanks for your advice it's much appreciated! Thanks again, Jez. |
All times are GMT -5. The time now is 06:49 PM. |