OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] VirtualHost and HTTPS


Ah, so SNI is dependent on the operating system, not the version of Apache HTTPD installed?

I had read about SNI and understood the basics of it, but assumed that it was a function of HTTPD version rather than older OS version.

Thanks for your help.

David

On Wed, Aug 29, 2018 at 11:00 AM, Jonathan Sélea <jonathan@xxxxxxxx> wrote:
I am very sure that this has to do with the fact that older machines simply does not have support for SNI.


On 2018-08-29 16:28, David Rush wrote:
I'm running httpd 2.4.12 on Windows Server 2003.

We have things set up and working with http and https using the
primary host name (fully qualified).

We need for a different domain (same hostname) to work with https.

These both need to work:

https://myhost.domain1.org - this works fine

https://myhost.domain2.org - I can't get this to work

I have certificates (and key files) for both domains (the first being
unique to the FQDN, the second being a wildcard for *.domain2.org
[1]).

I have <VirtualHost *:443> blocks set up with ServerName
myhost.domain1.org [2] in one, and ServerName myhost.domain2.org [3]
in the other.  Each specifies its proper cert and key files, and
unique DocumentRoot locations.

httpd.exe -S clearly indicates both VirtualHosts found, no errors (no
errors from httpd.exe -t, either).

It appears that the first certificate is always being served
regardless of which host name is used in the browser.  Also, the 2nd
(domain2.org [1]) config has a different DocumentRoot, but when I tell
the browser to ignore the security warnings I'm being delivered
content from the domain1.org [4] DocumentRoot.

Help!

David

E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.


Links:
------
[1] http://domain2.org
[2] http://myhost.domain1.org
[3] http://myhost.domain2.org
[4] http://domain1.org

--
Jonathan Sélea

PGP Key: 0x8B35B3C894B964DD
Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
https://jonathanselea.se

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.