LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   SSl in ssl.conf (https://www.linuxquestions.org/questions/linux-newbie-8/ssl-in-ssl-conf-760157/)

millergroup 10-06-2009 04:07 PM

SSl in ssl.conf
 
I have a webserver setup for myself with two domains. Both need ssl.
I am running fedora 10 Apache/mod_ssl.

I am trying to configure ssl.conf to reconize two different ip addresses, one for each domain.

Each has their own Vhost containers (NamedVirtualHHost)

<VirtualHost 192.xxx xxx x01 :443>
blabla
blabla
</VirtualHost>


<VirtualHost 192.xxx xxx x02 :443>
blabla
blabla
</VirtualHost>

I call https... first site works ok

I call https....second site it calls the first ssl cert (bad cert)

Apache does not separate the two.

My question, how do I get apache to deliver https..domain_one and domain_two correctly?

Thank you in advance.

Doculus 10-07-2009 12:31 AM

Sorry, there is no way, afaik, on 1 ip address at least.
The root of problem is that SSL protocol binds to the ip addresss in the negotiation phase.

bathory 10-07-2009 02:38 AM

@OP
Could you replace blablas with the actual directives you use in both vhosts? Are you sure you're using different server names and different certs for the 2 vhosts?

@Doculus
Quote:

Sorry, there is no way, afaik, on 1 ip address at least.
The root of problem is that SSL protocol binds to the ip addresss in the negotiation phase.
This is no longer true as you can use the SNI extension to have multiple ssl vhosts.

millergroup 10-10-2009 09:14 PM

{Resolved}

In order to get two separate SSL domains working both must have its own ip address.

So in httpd.conf the Listen directive must be listed in the config file for both (or more) ip addresses.

Example:
Listen 192.160.0.1:80
Listen 192.168.0.2:80

Then for your virtual host containers:

<NamedVirtualHost 192.168.0.1:80>

<VirtualHost 192.168.0.1>
blabla
blabla
</VirtualHost>

<NamedVirtualHost 192.168.0.2:80> (this was the trick to get it working)

<VirtualHost 192.168.0.2:80>
blabla
blabla
</VirtualHost>


This does not have to be done in your sss.conf file.
Your virtual host containers for ssl.conf is normal configuration, as httpd.conf is already doing what needs to be done separating the two different domains.


All times are GMT -5. The time now is 04:52 PM.