Thanks for the additional info. David
On Thu, Aug 30, 2018 at 1:01 AM, Gillis J. de Nijs <gil...@jink.net.invalid> wrote: > Also see https://wiki.apache.org/httpd/NameBasedSSLVHosts > > As a rule, it is impossible to host more than one SSL virtual host on the >> same IP address and port. > > This is because Apache needs to know the name of the host in order to >> choose the correct certificate to setup the encryption layer. > > > That page links to https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI > for more information and requirements on SNI. > > On Wed, Aug 29, 2018 at 8:54 PM, Jonathan Sélea <jonat...@selea.se> wrote: > >> It is. >> If you try to disable myhost.domain1.org - you will see that >> myhost.domain2.org will work over SSL/TLS :) >> >> >> >> >> On 2018-08-29 19:19, David Rush wrote: >> >>> Ah, so SNI is dependent on the operating system, not the version of >>> Apache HTTPD installed? >>> >>> I had read about SNI and understood the basics of it, but assumed that >>> it was a function of HTTPD version rather than older OS version. >>> >>> Thanks for your help. >>> >>> David >>> >>> On Wed, Aug 29, 2018 at 11:00 AM, Jonathan Sélea <jonat...@selea.se> >>> wrote: >>> >>> I am very sure that this has to do with the fact that older machines >>>> simply does not have support for SNI. >>>> >>>> On 2018-08-29 16:28, David Rush wrote: >>>> >>>> I'm running httpd 2.4.12 on Windows Server 2003. >>>>> >>>>> We have things set up and working with http and https using the >>>>> primary host name (fully qualified). >>>>> >>>>> We need for a different domain (same hostname) to work with https. >>>>> >>>>> These both need to work: >>>>> >>>>> https://myhost.domain1.org - this works fine >>>>> >>>>> https://myhost.domain2.org - I can't get this to work >>>>> >>>>> I have certificates (and key files) for both domains (the first >>>>> being >>>>> unique to the FQDN, the second being a wildcard for *.domain2.org >>>>> [1] >>>>> [1]). >>>>> >>>>> I have <VirtualHost *:443> blocks set up with ServerName >>>>> myhost.domain1.org [2] [2] in one, and ServerName >>>>> myhost.domain2.org [3] [3] >>>>> in the other. Each specifies its proper cert and key files, and >>>>> unique DocumentRoot locations. >>>>> >>>>> httpd.exe -S clearly indicates both VirtualHosts found, no errors >>>>> (no >>>>> errors from httpd.exe -t, either). >>>>> >>>>> It appears that the first certificate is always being served >>>>> regardless of which host name is used in the browser. Also, the >>>>> 2nd >>>>> (domain2.org [1] [1]) config has a different DocumentRoot, but >>>>> when I tell >>>>> the browser to ignore the security warnings I'm being delivered >>>>> content from the domain1.org [4] [4] DocumentRoot. >>>>> >>>>> >>>>> Help! >>>>> >>>>> David >>>>> >>>>> E-Mail to and from me, in connection with the transaction >>>>> of public business, is subject to the Wyoming Public Records >>>>> Act and may be disclosed to third parties. >>>>> >>>>> Links: >>>>> ------ >>>>> [1] http://domain2.org >>>>> [2] http://myhost.domain1.org >>>>> [3] http://myhost.domain2.org >>>>> [4] http://domain1.org >>>>> >>>> >>>> -- >>>> Jonathan Sélea >>>> >>>> PGP Key: 0x8B35B3C894B964DD >>>> Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD >>>> https://jonathanselea.se >>>> >>>> >>>> --------------------------------------------------------------------- >>> >>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>>> For additional commands, e-mail: users-h...@httpd.apache.org >>>> >>> >>> E-Mail to and from me, in connection with the transaction >>> of public business, is subject to the Wyoming Public Records >>> Act and may be disclosed to third parties. >>> >>> >>> Links: >>> ------ >>> [1] http://domain2.org >>> [2] http://myhost.domain1.org >>> [3] http://myhost.domain2.org >>> [4] http://domain1.org >>> >> >> -- >> Jonathan Sélea >> >> PGP Key: 0x8B35B3C894B964DD >> Fingerprint: 4AF2 10DE 996B 673C 0FD8 AFA0 8B35 B3C8 94B9 64DD >> https://jonathanselea.se >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > -- E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties.
