I am not using name based virtual hosts, so there is no SNI here.
On Thu, Oct 24, 2013 at 6:52 AM, Jan Vávra <va...@602.cz> wrote: > This is not a bug but a SNI feature ( > http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI). > Check if you have not defined > NameVirtualHost *:424 > NameVirtualHost *:444 > Jan. > > > > Try your same config but use A for the ServerName in both VirtualHost > sections. Based on what I've seen, you should then get 1.crt from either > port, and never get 2.crt, which seems like a bug. > > > On Wed, Oct 23, 2013 at 3:14 AM, Jan Vávra <va...@602.cz> wrote: > >> Hello, >> it is obvious you are using port based virtual host. My question was for >> assuring you have configured basics well. >> So I suppose you have: >> >> >> Listen *:424 https >> <VirtualHost *:424> >> ServerName A >> SSLCertificateFile 1.crt >> *SSLCertificateKeyFile 1.key* >> >> #and probably also >> SSLCertificateChainFile chain.crt >> >> </VirtualHost> >> >> >> I have made a test and it works fine. >> I do not use wildcards, I directly specify the IP address. >> >> Listen 424 https >> Listen 444 https >> <VirtualHost 192.168.1.211:424> >> ServerName A >> SSLCertificateFile 1.crt >> SSLCertificateKeyFile 1.key >> </VirtualHost> >> >> <VirtualHost 192.168.1.211:444> >> ServerName B >> SSLCertificateFile 2.crt >> SSLCertificateKeyFile 2.key >> </VirtualHost> >> >> and in my hosts file there are recors >> 192.168.1.211 A >> 192.168.1.211 B >> >> Try to call httpd -S. In my case it shows >> VirtualHost configuration: >> .... >> 192.168.1.211:424 A (1.conf) >> 192.168.1.211:444 B (2.conf) >> >> For A and B I use some real names eg. www.mycompany1.cz, >> www.mycompany2.cz. >> >> Do you even know about name based virtual https host? >> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI >> Most clients support this and I use it in production. >> >> Jan >> >> The certificates are specified in port based virtual hosts, there is >> no NameVirtualHost here. So I would expect the specified certificate to be >> served on the corresponding port no matter what host header was passed. >> >> >> On Tue, Oct 22, 2013 at 4:50 PM, Jan Vávra <va...@602.cz> wrote: >> >>> Hello. >>> For sure have you not forgotten specifying option SSLCertificateKeyFile >>> ? >>> What is the url you are using? >>> If you use https://localost:424 instead of https://a:424, you can get >>> weird results. >>> >>> I can also try it, if your problem persists. My last several years is >>> full of creating and using certificates ;-) >>> >>> Jan. >>> >>> >>> I two virtual hosts on different ports specify different certificate >>>> files, but use the same ServerName, both ports use the same certificate. >>>> Is this expected behavior? >>>> >>>> >>>> With this config: >>>> >>>> Listen *:424 https >>>> <VirtualHost *:424> >>>> ServerName A >>>> SSLCertificateFile 1.crt >>>> </VirtualHost> >>>> >>>> Listen *:444 https >>>> <VirtualHost *:444> >>>> ServerName A >>>> SSLCertificateFile 2.crt >>>> </VirtualHost> >>>> >>>> connecting to either 424 or 444, I get cert 1. >>>> >>>> With this config: >>>> >>>> Listen *:424 https >>>> <VirtualHost *:424> >>>> ServerName A >>>> SSLCertificateFile 1.crt >>>> </VirtualHost> >>>> >>>> Listen *:444 https >>>> <VirtualHost *:444> >>>> ServerName B >>>> SSLCertificateFile 2.crt >>>> </VirtualHost> >>>> >>>> connecting to 424 gets me cert 1, and connecting to 444 gets me cert 2. >>>> >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>> For additional commands, e-mail: users-h...@httpd.apache.org >>> >>> >> >> > >
