I was asking whether it would be possible to use different security certs on 2 different virtual hosts based on their name; they both work on the same IP address, 192.168.0.1 for example.
I was told the option named 'SSLStrictSNIVHostCheck' could be set to off to allow for this to work after reading:
I looked at this site:
http://en.wikipedia.org/wiki/Server_Name_Indication
Which explains that my version of Apache, which is:
Quote:
[me@myserver ~]$ rpm -q httpd
httpd-2.2.15-15.el6.centos.1.x86_64
Which should work, right?
This config here is what I have set up for SSL:
Quote:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
DocumentRoot "/www/myhost1.co.uk/html"
ServerName www.myhost1.co.uk:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all TLSv1 -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/www.myhost1.co.uk.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.myhost1.co.uk.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/www/myhost2.co.uk/html"
ServerName www.myhost2.me.uk:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/www.myhost2.me.uk.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.myhost2.me.uk.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
I have not changed my original configs, which were posted here:
http://www.linuxquestions.org/questi...6/#post4590891 my non-SSL based sites.
The problem actually is that when I go to, say, host www.myhost2.me.uk I get www.myhost1.co.uk's cert.
And I of course get www.myhost1.co.uk's cert when I go to the www.myhost1.co.uk site, if that makes any sense?
Have I set up SSL with the SNI option correctly?
Any replies are much appreciated as usual!
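
One way to check which certificate the server presents for each name sent via SNI (an added example, not part of the original post). The function names are hypothetical, and it assumes the `openssl` command-line tool is installed and that each certificate carries its host name in the subject CN:

```shell
#!/bin/sh
# Added example: report which certificate CN is served for each SNI name.
# Usage: sh check_sni.sh 192.168.0.1:443 www.myhost1.co.uk www.myhost2.me.uk
# (check_sni.sh is a hypothetical file name for this script.)

# Fetch the subject line of the leaf certificate served for one SNI name.
served_subject() {  # $1 = ip:port, $2 = name to send in the SNI extension
    openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject 2>/dev/null
}

# Extract the CN from either openssl subject style:
#   "subject= /C=GB/CN=host"  or  "subject=C = GB, CN = host"
cn_from_subject() {
    printf '%s\n' "$1" | sed -nE 's#.*CN *= *([^,/]+).*#\1#p'
}

# Compare the requested name with the CN that came back.
sni_verdict() {  # $1 = requested name, $2 = CN actually served
    if [ "$1" = "$2" ]; then echo "OK"; else echo "MISMATCH"; return 1; fi
}

# Check every vhost name against the same address; non-zero on any mismatch.
check_vhosts() {  # $1 = ip:port, remaining args = vhost names
    addr=$1; shift; rc=0
    for name in "$@"; do
        cn=$(cn_from_subject "$(served_subject "$addr" "$name")")
        verdict=$(sni_verdict "$name" "$cn") || rc=1
        printf '%-22s served CN=%-22s %s\n' "$name" "${cn:-<none>}" "$verdict"
    done
    return $rc
}

# Only touch the network when an address and at least one name are given.
if [ "$#" -ge 2 ]; then
    check_vhosts "$@"
fi
```

A MISMATCH line for `www.myhost2.me.uk` from this client, which does send SNI, means the server itself is choosing the first virtual host's certificate; all OK lines mean the server side selects correctly and the client that saw the wrong certificate is the thing to examine.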