Hi,
I am trying to configure multiple (3) ssl vhosts in Apache on Slackware unfortunately all vhosts are trying to use certs from the first vhost which cause "Your connection is not secure" error. I don't really understand why, here is my config:
Code:
Listen [::]:443
Listen 0.0.0.0:443
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLStaplingCache shmcb:/var/run/ocsp(128000)
##
## SSL Virtual Host Context
##
<VirtualHost domain1.com:443>
DocumentRoot "/var/www/htdocs/www.domain1.com"
ServerName domain1.com:443
ServerAlias www.domain1.com:443
ServerAdmin @
ErrorLog "/var/log/httpd/domain1.com-ssl_error.log"
TransferLog "/var/log/httpd/domain1.com-ssl_access.log"
CustomLog "/var/log/httpd/domain1.com-ssl_custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel warn
<FilesMatch "\.(cgi|shtml|phtml|php|txt)$">
SSLOptions +StdEnvVars
</FilesMatch>
SSLEngine on
SSLCertificateFile /etc/ssl/domain1/4f0facdd84c0c5.crt
SSLCertificateKeyFile /etc/ssl/domain1/domain1-decrypted.key
SSLCertificateChainFile /etc/ssl/domain1/gd_bundle-g2-g1.crt
Header always add Strict-Transport-Security "max-age=15768000"
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
<VirtualHost domain2.com:443>
DocumentRoot "/var/www/htdocs/www.domain2.com"
ServerName domain2.com:443
ServerAlias www.domain2.com:443
ServerAdmin @
ErrorLog "/var/log/httpd/domain2.com-ssl_error.log"
TransferLog "/var/log/httpd/domain2.com-ssl_access.log"
CustomLog "/var/log/httpd/domain2.com-ssl_custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel warn
<FilesMatch "\.(cgi|shtml|phtml|php|txt)$">
SSLOptions +StdEnvVars
</FilesMatch>
SSLEngine on
SSLCertificateFile /etc/ssl/domain2/5ceab673c3bfddf1.crt
SSLCertificateKeyFile /etc/ssl/domain2/domain2.com.key
SSLCertificateChainFile /etc/ssl/domain2/gd_bundle-g2-g1.crt
Header always add Strict-Transport-Security "max-age=15768000"
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
<VirtualHost rma.domain2.com:443>
DocumentRoot "/home/domain2/public_html"
ServerName rma.domain2.com:443
ServerAlias www.rma.domain2.com:443
ServerAdmin @
ErrorLog "/var/log/httpd/rma.domain2.com-ssl_error.log"
TransferLog "/var/log/httpd/rma.domain2.com-ssl_access.log"
CustomLog "/var/log/httpd/rma.domain2.com-ssl_custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel warn
<FilesMatch "\.(cgi|shtml|phtml|php|txt)$">
SSLOptions +StdEnvVars
</FilesMatch>
SSLEngine on
SSLCertificateFile /etc/ssl/domain2/5ceab673c3bfddf1.crt
SSLCertificateKeyFile /etc/ssl/domain2/domain2.com.key
SSLCertificateChainFile /etc/ssl/domain2/gd_bundle-g2-g1.crt
Header always add Strict-Transport-Security "max-age=15768000"
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
