Hi all,

I really need help to understand what I'm doing wrong and how to solve my 
problems.
Let me first explain the situation.

We have an Apache webserver (Linux), in front of a JBoss application server 
which hosts many different applications.
Apache is configured to redirect clients based on virtual host definitions 
(depending on client URLs). Note that all applications are available with a URL 
like https://x.example.com, where x is the client name.
We also own a valid SSL wildcard certificate for *.example.com installed on the 
Apache server, and mod_ssl is enabled.

Actually, all the configuration is correct for defined virtual hosts: for 
example, when the client toto tries to access his application, he uses the URL 
toto.example.com and Apache sees that the corresponding virtual host exists.
For non-defined virtual hosts, for example, if the client tata tries to access his 
application, the default virtual host (*.example.com) handles the request 
correctly and makes some redirection.

Now, for development reasons, we decided to "reproduce" the production 
environment. We decided to simulate clients with URLs like 
https://x.dev.example.com. So we bought the associated wildcard certificate 
(*.dev.example.com) and installed it on the same Apache server.

Now, here come the issues.
First, I added a virtual host for *.dev.example.com placed after the vhost 
*.example.com, and when I tried to access https://titi.dev.example.com with a 
browser, it gave a "ssl_error_bad_cert_domain" error. Note that there are no 
errors if I define a specific vhost for titi.dev.example.com, but it's not 
sufficient for our needs.
Then, I made a test by putting the *.dev.example.com vhost before *.example.com, 
and then the URL https://titi.dev.example.com is available without certificate 
errors. But now, the https://toto.example.com URL gives me a 
"ssl_error_bad_cert_domain" error.

My question is, how can I have both the *.example.com and *.rc.example.com vhosts 
working together without any bad certificate errors?
Maybe I missed something? Or maybe it's not possible?

Here is my Apache configuration:

* ssl.conf:


NameVirtualHost 192.168.0.10:443

# Virtual host for *.example.com
<VirtualHost 192.168.0.10:443>
DocumentRoot "/var/www/html"
ServerName *.example.com:443

ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"

SSLEngine on

SSLCertificateFile "/etc/httpd/conf/ssl/all.example.com.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/all.example.com.key"
SSLCertificateChainFile "/etc/httpd/conf/ssl/CA.pem"
</VirtualHost>

# Virtual host for *.dev.example.com
<VirtualHost 192.168.0.10:443>
DocumentRoot "/var/www/html"
ServerName *.dev.example.com:443

ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"

SSLEngine on

SSLCertificateFile "/etc/httpd/conf/ssl/all.dev.example.com.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/all.dev.example.com.key"
SSLCertificateChainFile "/etc/httpd/conf/ssl/CA.pem"

# Some other directives

</VirtualHost>

# Include for all other virtual hosts
Include /etc/httpd/conf.d/virtualhosts/*.conf


* One of the "other" vhosts:

<VirtualHost 172.17.0.11:443>

DocumentRoot "/var/www/html"
ServerName https://toto.example.com:443

ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"

SSLEngine on

SSLCertificateFile "/etc/httpd/conf/ssl/all.example.com.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/all.example.com.key"
SSLCertificateChainFile "/etc/httpd/conf/ssl/CA.pem"

# Some other directives

</VirtualHost>

Please let me know if you need more information.

Many thanks for your time and help, many thanks in advance for your reply, and 
have a good day,

Quentin Charraut
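
Added example, not part of the original post and not Apache code: a small model of the two vhost orderings described above, using the wildcard rule from RFC 6125 (a `*` covers exactly one left-most label, so `*.example.com` does not cover `titi.dev.example.com`). The selection model is a simplifying assumption: without SNI the first vhost on the IP:port supplies the certificate; with SNI the first vhost whose name pattern matches does. The names `PROD`, `DEV`, `HOSTS` and all functions are hypothetical.

```python
# Constructed model for illustration; it does not read any Apache config.

def wildcard_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only be the whole left-most label
    and stands for exactly one label, so it never spans a dot."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def presented_cert(vhosts, host, sni):
    """Return the certificate name the client would be shown.

    vhosts: ordered list of (name_patterns, cert_name) on one IP:port.
    Assumption: without SNI the server cannot see the requested name
    before the handshake, so the first vhost's certificate is sent.
    """
    if sni:
        for names, cert in vhosts:
            if any(wildcard_match(n, host) for n in names):
                return cert
    return vhosts[0][1]

def check(vhosts, hosts, sni):
    """Map each host to 'ok' or the browser error from the post."""
    result = {}
    for host in hosts:
        cert = presented_cert(vhosts, host, sni)
        ok = wildcard_match(cert, host)
        result[host] = "ok" if ok else "ssl_error_bad_cert_domain"
    return result

# Constructed sample data mirroring the two wildcard vhosts in ssl.conf.
PROD = (["*.example.com"], "*.example.com")
DEV = (["*.dev.example.com"], "*.dev.example.com")
HOSTS = ["toto.example.com", "titi.dev.example.com"]

if __name__ == "__main__":
    orders = (("prod first", [PROD, DEV]), ("dev first", [DEV, PROD]))
    for label, order in orders:
        for sni in (False, True):
            mode = "SNI" if sni else "no SNI"
            print(label, mode, check(order, HOSTS, sni))
```

In the no-SNI case the model reproduces both symptoms: whichever wildcard vhost is listed first works and the other name gets the domain-mismatch error.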
