Hi all, I really need help to understand what I'm doing wrong and how to solve my problems. Let me first explain the situation.
We have an Apache webserver (Linux), in front of a Jboss application server which hosts many different application. Apache is configured to redirect clients based on virtual hosts definitions (depends on client URLs). Note that all applications are available with an URL like https://x.example.com, where x is the client name. We also own a valid SSL wildcard certificate for *.example.com installed on the Apache server and mod_ssl enable. Actually, all the configuration is correct for defined virtual hosts : for example, when the client toto try to access his application, he use the URL toto.example.com and Apache see that the corresponding virtual host exists. For non-defined virtual hosts, for example, if he client tata try to access his application, the default virtual host (*.example.com) handle the request correctly and make some redirection. Now, for development reasons, we decided to "reproduce" the production environment. We decided to simulate client with URL like https://x.dev.example.com. So we bought the associated wildcard certificate (*.dev.example.com) and installed hit on the same Apache server. Now, here comes the issues. First, I added a virtual host for *.dev.example.com placed after the vhost *.example.com, and when I tried to access https://titi.dev.example.com with a browser, it give a "ssl_error_bad_cert_domain" error. Note that there is no errors if I define a specific vhost for titi.dev.example.com but it's not sufficient for our needs. Then, I made a test by putting the *.dev.example vhost before *.example.com, and then the URL https://titi.dev.example.com is available without certificates errors. But now, the https://toto.example.com URL give me a "ssl_error_bad_cert_domain" error. My question is, how can I have both *.example.com and *.rc.example.com vhost working together without any bad certificate errors ? Maybe I missed something ? or maybe it's not possible ? Here my Apache configuration : * ssl.conf : NameVirtualHost 192.168.0.10:443 # Virtual host for *.example.com <VirtualHost 192.168.0.10:443> DocumentRoot "/var/www/html" ServerName *.example.com:443 ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" SSLEngine on SSLCertificateFile "/etc/httpd/conf/ssl/all.example.com.crt" SSLCertificateKeyFile "/etc/httpd/conf/ssl/ all.example.com.key" SSLCertificateChainFile "/etc/httpd/conf/ssl/CA.pem" </VirtualHost> # Virtual host for *.dev.example.com <VirtualHost 192.168.0.10:443> DocumentRoot "/var/www/html" ServerName *.dev.example.com:443 ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" SSLEngine on SSLCertificateFile "/etc/httpd/conf/ssl/ all.dev.example.com.crt" SSLCertificateKeyFile "/etc/httpd/conf/ssl/ all.dev.example.com.key" SSLCertificateChainFile "/etc/httpd/conf/ssl/CA.pem" # Some others directive </VirtualHost> # Include for all others virtual hosts Include /etc/httpd/conf.d/virtualhosts/*.conf * One of the "others" vhost : <VirtualHost 172.17.0.11:443> DocumentRoot "/var/www/html" ServerName https://toto.example.com:443 ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" SSLEngine on SSLCertificateFile "/etc/httpd/conf/ssl/all.example.com.crt" SSLCertificateKeyFile "/etc/httpd/conf/ssl/ all.example.com.key" SSLCertificateChainFile "/etc/httpd/conf/ssl/CA.pem" # Some others directive </VirtualHost> Please let me know if you need more information. Many thanks for your time and help, many thanks in advance for your reply, and have a good day, Quentin Charraut
