On 12.03.2015 15:51, Quentin CHARRAUT wrote: > Hi all, > > I really need help to understand what I'm doing wrong and how to solve my > problems. > Let me first explain the situation. > > We have an Apache webserver (Linux), in front of a Jboss application server > which hosts many different application. > Apache is configured to redirect clients based on virtual hosts definitions > (depends on client URLs). Note that all applications are available with an > URL like https://x.example.com, where x is the client name. > We also own a valid SSL wildcard certificate for *.example.com installed on > the Apache server and mod_ssl enable. > > Actually, all the configuration is correct for defined virtual hosts : for > example, when the client toto try to access his application, he use the URL > toto.example.com and Apache see that the corresponding virtual host exists. > For non-defined virtual hosts, for example, if he client tata try to access > his application, the default virtual host (*.example.com) handle the request > correctly and make some redirection. > > Now, for development reasons, we decided to "reproduce" the production > environment. We decided to simulate client with URL like > https://x.dev.example.com. So we bought the associated wildcard certificate > (*.dev.example.com) and installed hit on the same Apache server. > > Now, here comes the issues. > First, I added a virtual host for *.dev.example.com placed after the vhost > *.example.com, and when I tried to access https://titi.dev.example.com with a > browser, it give a "ssl_error_bad_cert_domain" error. Note that there is no > errors if I define a specific vhost for titi.dev.example.com but it's not > sufficient for our needs. > Then, I made a test by putting the *.dev.example vhost before *.example.com, > and then the URL https://titi.dev.example.com is available without > certificates errors. But now, the https://toto.example.com URL give me a > "ssl_error_bad_cert_domain" error. > > My question is, how can I have both *.example.com and *.rc.example.com vhost > working together without any bad certificate errors ? > Maybe I missed something ? or maybe it's not possible ?
The wildcard only works on one level so you'll need two certificates for this one for *.example.com and one for *.rc.example.com. Regards, Dennis --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
