[Gllug] SSL with NameVirtualHost in Apache -- how?

tet at accucard.com
Thu Aug 9 14:34:20 UTC 2001


Subject says it all, really. I want to use two name-based virtual
hosts from Apache, and I want to use SSL with them both. I've got
them both up and running, but no matter which one I go to, I get
the certificate from the first one. I essentially have:

	NameVirtualHost 192.168.1.1:80
	NameVirtualHost 192.168.1.1:443

	<VirtualHost 192.168.1.1:80>
	Port                   80
	ServerName             foo.example.com
	SSLEngine              off
	DocumentRoot           /stuff/foo
	</VirtualHost>

	<VirtualHost 192.168.1.1:443>
	Port                   443
	ServerName             foo.example.com
	SSLEngine              on
	SSLCertificateFile     /stuff/certificates/foo.server.crt
	SSLCertificateKeyFile  /stuff/certificates/foo.server.key
	DocumentRoot           /stuff/foo
	</VirtualHost>

	<VirtualHost 192.168.1.1:80>
	Port                   80
	ServerName             bar.example.com
	SSLEngine              off
	DocumentRoot           /stuff/bar
	</VirtualHost>

	<VirtualHost 192.168.1.1:443>
	Port                   443
	ServerName             bar.example.com
	SSLEngine              on
	SSLCertificateFile     /stuff/certificates/bar.server.crt
	SSLCertificateKeyFile  /stuff/certificates/bar.server.key
	DocumentRoot           /stuff/bar
	</VirtualHost>

I always get the foo.example.com certificate, no matter which site I
go to.

My initial thought was that it was doing a reverse DNS lookup on
192.168.1.1 which would always resolve to foo.example.com, and that
we'd be forced to switch to IP-based virtual hosts (sub-optimal,
because Colt are refusing to allocate us anything more than a /28,
so our IP addresses are somewhat scarce at the moment).

However, if we change the order of VirtualHost entries so that those
for bar.example.com come first in the config file, then we get that
corresponding certificate for both sites instead, which tends to
imply it's nothing to do with reverse lookups.

Any ideas? I'm a bit stuck on this one, and I really need to get it
working...

Thanks,

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
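
An added example, not part of the original post: a small Python check that parses an Apache configuration like the one above and flags SSL-enabled VirtualHost blocks that share one address:port but name different certificate files, listing them in file order because the post observes that the first block's certificate is the one served. The sample configuration is constructed from the post's directives, and the function names `parse_vhosts` and `ssl_conflicts` are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the post's virtual hosts, trimmed to the relevant directives.
SAMPLE_CONF = """
<VirtualHost 192.168.1.1:80>
ServerName             foo.example.com
SSLEngine              off
</VirtualHost>
<VirtualHost 192.168.1.1:443>
ServerName             foo.example.com
SSLEngine              on
SSLCertificateFile     /stuff/certificates/foo.server.crt
</VirtualHost>
<VirtualHost 192.168.1.1:443>
ServerName             bar.example.com
SSLEngine              on
SSLCertificateFile     /stuff/certificates/bar.server.crt
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "directives": {}}
        elif line.lower() == "</virtualhost>" and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            parts = line.split(None, 1)  # directive name, then its value
            current["directives"][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return vhosts

def ssl_conflicts(conf):
    """Map addr:port -> [(ServerName, cert), ...] for SSL vhosts sharing it with different certs."""
    by_addr = defaultdict(list)
    for vh in parse_vhosts(conf):
        d = vh["directives"]
        if d.get("sslengine", "off").lower() == "on":
            by_addr[vh["addr"]].append((d.get("servername"), d.get("sslcertificatefile")))
    return {a: v for a, v in by_addr.items() if len({cert for _, cert in v}) > 1}

if __name__ == "__main__":
    for addr, hosts in ssl_conflicts(SAMPLE_CONF).items():
        print(f"{addr}: {len(hosts)} SSL vhosts with different certificates; first in file: {hosts[0]}")
```
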



