You need to set the cert files per virtual domain.
Example:
<VirtualHost *:443>
    ServerName underconstruction.scom.ca
    ServerAlias underconstruction.scom.ca
    DocumentRoot /www/underconstruction.scom.ca
    SSLEngine on
    SSLProtocol all
    SSLCertificateKeyFile /www/scom.ca/ssl/scom.ca.key
    SSLCertificateFile /www/scom.ca/ssl/scom.ca.crt
    SSLCertificateChainFile /www/scom.ca/ssl/scom.ca.chain
</VirtualHost>

<VirtualHost *:443>
    ServerName ekst.ca
    ServerAlias ekst.ca
    ServerAlias www.ekst.ca
    DocumentRoot /www/ekst.ca
    SSLEngine on
    SSLProtocol all
    SSLCertificateFile /www/ekst.ca/ssl/ekst.ca.crt
    SSLCertificateKeyFile /www/ekst.ca/ssl/ekst.ca.key
    SSLCertificateChainFile /www/ekst.ca/ssl/ekst.ca.chain
</VirtualHost>
Happy Wednesday !!!
Thanks - paul
Paul Kudla
Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3
Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
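As an added illustration of the per-vhost certificate advice above (not part of the original message and not httpd tooling): a small Python audit that parses VirtualHost blocks and flags any ServerName or ServerAlias that is not covered by the names on the certificate its vhost points to. The config text, the file path and the SAN table are constructed assumptions for the example.

```python
import re

# Constructed sample modelled on the thread: the *.example1.com vhosts share a
# wildcard certificate, and a vhost for example2.com was added pointing at it too.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName www.example1.com
    ServerAlias cms.example1.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/example1-wildcard.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName example2.com
    ServerAlias www.example2.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/example1-wildcard.crt
</VirtualHost>
"""

# Assumed SAN list per certificate file (hypothetical path). On a real host,
# read it with: openssl x509 -in FILE -noout -ext subjectAltName
CERT_NAMES = {"/etc/ssl/example1-wildcard.crt": ["*.example1.com", "example1.com"]}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def covers(pattern, host):
    """Certificate name match: '*' stands for exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def parse_vhosts(conf):
    """Yield (address, hostnames, cert_file) for each <VirtualHost> block."""
    for addr, body in VHOST_RE.findall(conf):
        lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
        hosts = [h for line in lines for h in line.split()]
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        yield addr.strip(), hosts, cert.group(1) if cert else None

def audit(conf, cert_names):
    """Return (hostname, cert_file) pairs where the cert does not cover the name."""
    problems = []
    for _addr, hosts, cert in parse_vhosts(conf):
        sans = cert_names.get(cert, [])
        for host in dict.fromkeys(hosts):  # de-duplicate, keep order
            if not any(covers(s, host) for s in sans):
                problems.append((host, cert))
    return problems

if __name__ == "__main__":
    for host, cert in audit(SAMPLE_CONF, CERT_NAMES):
        print(f"{host}: not covered by {cert or 'any certificate set in its vhost'}")
```

A vhost with no SSLCertificateFile of its own is reported with a certificate of None, since every name in it is then unmatched.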
On 5/18/2022 5:26 PM, frank picabia wrote:
Sorry, different domain.
300 hosts like *.example1.com
and now we have 1 example2.com
On Wed, May 18, 2022 at 4:31 PM Frank Gingras <thu...@apache.org> wrote:
See if you can add a SAN to that wildcard certificate first.
On Wed, 18 May 2022 at 15:21, frank picabia <fpica...@gmail.com> wrote:
We have a server with over 300 vhosts on it. Marketing/CMS madness I guess.
All on the same domain name. Many VirtualHosts are defined with *:443 and then ServerName to rely on SNI.
We have a wildcard cert for the domain and all the hosts use that.
Now there is a different domain to add for SSL. For some reason the first domain name's certificate is being found. I've put the IP for our newcomer domain so we have <VirtualHost 1.1.1.1:443> but it is still finding the other cert. This IP is uniquely assigned with the different domain, as you'd expect with DNS. So it can't be an overlap of the IP used elsewhere.
Researching this problem ("wrong cert loaded for vhost"), I read that in the initial SSL connection, it is talking to the IP, and whatever values we have for ServerName have no bearing until the page is being accessed. If that's the case then it might have matched another vhost with *:443 first.
I tried putting my new domain at the top of ssl.conf but it made no difference.
I'm thinking I need to edit each *:443 case and change it to the appropriate IP.
That will be a lot of work, so I'm looking for affirmation that is likely to make the difference.