Unless you're dealing with a new version of Apache which can handle Server Name Indication (a relatively recent TLS extension), you cannot have multiple certificates on the same IP:port combination. (It's a "chicken and egg" problem: the HTTP Host: header is what contains the data about what hostname the client wants to request, but the HTTP header isn't transmitted until after the certificate is checked. This means that the certificate is sent by the server before the client tells the server what name it's trying to connect to, which means it really only has a single certificate that it can deal with.)
To deal with this, you need to either put the two domains on separate ports (which causes URLs of the form https://www.example2.com:4433/ ), or create a certificate with the subjectAlternativeName extension. The sAN is a list of values of the form [DNS:example1.com DNS:www.example1.com DNS:example2.com DNS:www.example2.com].

-Kyle H

On Mon, Dec 22, 2008 at 9:49 PM, Eric <bbah...@gmail.com> wrote:
> Hi,
> I created certificates for two domains, for example: example1.com and
> example2.com. These domains are located on a web server with one IP address.
> Each domain has a virtual in http.conf. I configured ssl.cnf for these two
> domains. I set virtuals for each one. When I restart httpd it has the warning
> that these domains have overlap, and when I open the browser it could make SSL
> only for the first virtual in ssl.cnf and for the second one has error of
> certificate.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org