Hello Sebastien,

Short answer: the host running HTTPS must have a dedicated IP address.

Long answer: when a client connects to the server at port 443, the first
thing they will do is an SSL handshake.  This happens even before the client
sends its HTTPS request with the URL and Host header.  Therefore, during
this handshake, the server has no idea what vhost the client wants to
connect to, and the server will send the only certificate it has for that IP
address.  The client will then report a certificate hostname mismatch error.
This again happens even before the client sends the HTTPS request.  If the
client attempts to continue with the connection and sends the HTTPS request
with the URL and Host header, what happens at that point is up to the
server.  What currently happens and what do you want to happen?

Allen

> -----Original Message-----
> From: Sebastien Roy [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, June 07, 2007 3:41 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] VHOST and SSL
> 
> 
> Hi folks,
> 
> We are running Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b DAV/2
> PHP/5.1.4 and everything is working perfectly except one thing and I'm
> sure it's a configuration problem.  We have some domains that have an SSL
> certificate and some not.  My problem is very simple: what am I doing
> wrong if every vhost works using https and uses the same certificate?
> What I need is that, for example, https://www.mydomain.com works with
> the mydomain.com certificate but that https://www.myotherdom.com is not
> answering 'cause the SSL is only applied to mydomain.com!
> 
> Right now every vhost is answering SSL requests.  The config looks
> like this:
> 
> NameVirtualHost x.x.x.x:80
> NameVirtualHost x.x.x.x:443
> 
> <VirtualHost x.x.x.x:443>
>     ServerAdmin [EMAIL PROTECTED]
>     ServerName www.mydomain.com
>     DocumentRoot /services/mydomain.com
>     CustomLog /services/www-logs/mydomain.com.log combined
> 
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /opt/Apache/2.2.3/conf/www.mydomain.com.crt
> SSLCertificateKeyFile /opt/Apache/2.2.3/conf/www.mydomain.com.key
> SSLCACertificateFile /opt/Apache/2.2.3/conf/SSLCA.crt
> 
> <FilesMatch "\.(cgi|shtml|phtml|php)$">
>     SSLOptions +StdEnvVars
> </FilesMatch>
> <Directory "/opt/Apache/2.2.3/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
> 
> BrowserMatch ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> </VirtualHost>
> 
> <VirtualHost x.x.x.x:80>
>         ServerAdmin [EMAIL PROTECTED]
>         ServerName www.otherdomain.com
>         ServerAlias otherdomain.com
>         DocumentRoot /services/otherdomain.com
>         CustomLog /services/www-logs/otherdomain.com.log combined
> </VirtualHost>
> 
> 
> And my other question is how to replace
> 
> <VirtualHost x.x.x.x:80>
>         ServerAdmin [EMAIL PROTECTED]
>         ServerName www.otherdomain.com
>         ServerAlias otherdomain.com
>         DocumentRoot /services/otherdomain.com
>         CustomLog /services/www-logs/otherdomain.com.log combined
> </VirtualHost>
> 
> 
> with something like that:
> 
> <VirtualHost x.x.x.x:80>
>         ServerAdmin [EMAIL PROTECTED]
>         ServerName www.$0
>         ServerAlias $0
>         DocumentRoot /services/$0
>         CustomLog /services/www-logs/$0.log combined
> </VirtualHost>
> 
> 
> Thanks
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more info. 
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>    "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

