Also see https://wiki.apache.org/httpd/NameBasedSSLVHosts
As a rule, it is impossible to host more than one SSL virtual host on the > same IP address and port. This is because Apache needs to know the name of the host in order to > choose the correct certificate to setup the encryption layer. That page links to https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI for more information and requirements on SNI. On Wed, Aug 29, 2018 at 8:54 PM, Jonathan Sélea <jonat...@selea.se> wrote: > It is. > If you try to disable myhost.domain1.org - you will see that > myhost.domain2.org will work over SSL/TLS :) > > > > > On 2018-08-29 19:19, David Rush wrote: > >> Ah, so SNI is dependent on the operating system, not the version of >> Apache HTTPD installed? >> >> I had read about SNI and understood the basics of it, but assumed that >> it was a function of HTTPD version rather than older OS version. >> >> Thanks for your help. >> >> David >> >> On Wed, Aug 29, 2018 at 11:00 AM, Jonathan Sélea <jonat...@selea.se> >> wrote: >> >> I am very sure that this has to do with the fact that older machines >>> simply does not have support for SNI. >>> >>> On 2018-08-29 16:28, David Rush wrote: >>> >>> I'm running httpd 2.4.12 on Windows Server 2003. >>>> >>>> We have things set up and working with http and https using the >>>> primary host name (fully qualified). >>>> >>>> We need for a different domain (same hostname) to work with https. >>>> >>>> These both need to work: >>>> >>>> https://myhost.domain1.org - this works fine >>>> >>>> https://myhost.domain2.org - I can't get this to work >>>> >>>> I have certificates (and key files) for both domains (the first >>>> being >>>> unique to the FQDN, the second being a wildcard for *.domain2.org >>>> [1] >>>> [1]). >>>> >>>> I have <VirtualHost *:443> blocks set up with ServerName >>>> myhost.domain1.org [2] [2] in one, and ServerName >>>> myhost.domain2.org [3] [3] >>>> in the other. Each specifies its proper cert and key files, and >>>> unique DocumentRoot locations. >>>> >>>> httpd.exe -S clearly indicates both VirtualHosts found, no errors >>>> (no >>>> errors from httpd.exe -t, either). >>>> >>>> It appears that the first certificate is always being served >>>> regardless of which host name is used in the browser. Also, the >>>> 2nd >>>> (domain2.org [1] [1]) config has a different DocumentRoot, but >>>> when I tell >>>> the browser to ignore the security warnings I'm being delivered >>>> content from the domain1.org [4] [4] DocumentRoot. >>>> >>>> >>>> Help! >>>> >>>> David >>>> >>>> E-Mail to and from me, in connection with the transaction >>>> of public business, is subject to the Wyoming Public Records >>>> Act and may be disclosed to third parties. >>>> >>>> Links: >>>> ------ >>>> [1] http://domain2.org >>>> [2] http://myhost.domain1.org >>>> [3] http://myhost.domain2.org >>>> [4] http://domain1.org >>>> >>> >>> -- >>> Jonathan Sélea >>> >>> PGP Key: 0x8B35B3C894B964DD >>> Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD >>> https://jonathanselea.se >>> >>> >>> --------------------------------------------------------------------- >> >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>> For additional commands, e-mail: users-h...@httpd.apache.org >>> >> >> E-Mail to and from me, in connection with the transaction >> of public business, is subject to the Wyoming Public Records >> Act and may be disclosed to third parties. >> >> >> Links: >> ------ >> [1] http://domain2.org >> [2] http://myhost.domain1.org >> [3] http://myhost.domain2.org >> [4] http://domain1.org >> > > -- > Jonathan Sélea > > PGP Key: 0x8B35B3C894B964DD > Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD > https://jonathanselea.se > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
