This is not a bug but a SNI feature (http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI).
Check if you have not defined
  NameVirtualHost *:424
  NameVirtualHost *:444
Jan.



Try your same config but use A for the ServerName in both VirtualHost sections. Based on what I've seen, you should then get 1.crt from either port, and never get 2.crt, which seems like a bug.


On Wed, Oct 23, 2013 at 3:14 AM, Jan Vávra <va...@602.cz> wrote:

    Hello,
     it is obvious you are using port-based virtual hosts. My question
    was to make sure you have configured the basics well.
     So I suppose you have:


    Listen *:424 https
    <VirtualHost *:424>
    ServerName A
    SSLCertificateFile 1.crt
    *SSLCertificateKeyFile 1.key*

    #and probably also
    SSLCertificateChainFile chain.crt

    </VirtualHost>


    I have made a test and it works fine.
    I do not use wildcards, I directly specify the IP address.

    Listen 424 https
    Listen 444 https
    <VirtualHost 192.168.1.211:424>
     ServerName A
     SSLCertificateFile 1.crt
     SSLCertificateKeyFile 1.key
    </VirtualHost>

    <VirtualHost 192.168.1.211:444>
     ServerName B
     SSLCertificateFile 2.crt
     SSLCertificateKeyFile 2.key
    </VirtualHost>

    and in my hosts file there are records
    192.168.1.211 A
    192.168.1.211 B

    Try to call httpd -S. In my case it shows
    VirtualHost configuration:
    ....
    192.168.1.211:424 A (1.conf)
    192.168.1.211:444 B (2.conf)

    For A and B I use some real names, e.g. www.mycompany1.cz,
    www.mycompany2.cz.

    Do you even know about name-based virtual HTTPS hosts?
    http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
    Most clients support this and I use it in production.

    Jan

    The certificates are specified in port based virtual hosts, there
    is no NameVirtualHost here.  So I would expect the specified
    certificate to be served on the corresponding port no matter what
    host header was passed.


    On Tue, Oct 22, 2013 at 4:50 PM, Jan Vávra <va...@602.cz> wrote:

        Hello.
         Are you sure you have not forgotten to specify the option
        SSLCertificateKeyFile?
         What is the URL you are using?
         If you use https://localhost:424 instead of https://a:424,
        you can get weird results.

         I can also try it, if your problem persists. My last several
        years have been full of creating and using certificates ;-)

         Jan.


            If two virtual hosts on different ports specify different
            certificate files, but use the same ServerName, both
            ports use the same certificate.  Is this expected behavior?


            With this config:

            Listen *:424 https
            <VirtualHost *:424>
            ServerName A
            SSLCertificateFile 1.crt
            </VirtualHost>

            Listen *:444 https
            <VirtualHost *:444>
            ServerName A
            SSLCertificateFile 2.crt
            </VirtualHost>

            connecting to either 424 or 444, I get cert 1.

            With this config:

            Listen *:424 https
            <VirtualHost *:424>
            ServerName A
            SSLCertificateFile 1.crt
            </VirtualHost>

            Listen *:444 https
            <VirtualHost *:444>
            ServerName B
            SSLCertificateFile 2.crt
            </VirtualHost>

            connecting to 424 gets me cert 1, and connecting to 444
            gets me cert 2.









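A static check for the configuration shape in the original question, written as an added example (not code from any participant in this thread or from the Apache project): it parses `<VirtualHost>` blocks and reports a ServerName shared by vhosts that name different certificate files, plus vhosts with no SSLCertificateKeyFile. The function names are this example's own, and the embedded sample is the first configuration quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the first configuration quoted in the thread.
SAMPLE_CONF = """\
Listen *:424 https
<VirtualHost *:424>
ServerName A
SSLCertificateFile 1.crt
</VirtualHost>

Listen *:444 https
<VirtualHost *:444>
ServerName A
SSLCertificateFile 2.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: address, ServerName, cert, key."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        d = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                d[parts[0].lower()] = parts[1].strip()  # directive names are case-insensitive
        vhosts.append({"addr": addr.strip(), "name": d.get("servername"),
                       "cert": d.get("sslcertificatefile"),
                       "key": d.get("sslcertificatekeyfile")})
    return vhosts

def shared_name_conflicts(conf):
    """ServerNames used by several vhosts that name different certificate files."""
    by_name = defaultdict(list)
    for vh in parse_vhosts(conf):
        if vh["name"] and vh["cert"]:
            by_name[vh["name"].lower()].append((vh["addr"], vh["cert"]))
    return {n: g for n, g in by_name.items() if len({c for _, c in g}) > 1}

def missing_key_file(conf):
    """Vhosts with a cert but no SSLCertificateKeyFile (fine only if the key is in the cert file)."""
    return [vh["addr"] for vh in parse_vhosts(conf) if vh["cert"] and not vh["key"]]

if __name__ == "__main__":
    print(shared_name_conflicts(SAMPLE_CONF))
    print(missing_key_file(SAMPLE_CONF))
```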