osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] VirtualHost and HTTPS


Thanks for the additional info.

David

On Thu, Aug 30, 2018 at 1:01 AM, Gillis J. de Nijs <gillis@xxxxxxxx.invalid> wrote:

As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port.
This is because Apache needs to know the name of the host in order to choose the correct certificate to setup the encryption layer.

That page links to https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI for more information and requirements on SNI. 

On Wed, Aug 29, 2018 at 8:54 PM, Jonathan Sélea <jonathan@xxxxxxxx> wrote:
It is.
If you try to disable myhost.domain1.org - you will see that myhost.domain2.org will work over SSL/TLS :)




On 2018-08-29 19:19, David Rush wrote:
Ah, so SNI is dependent on the operating system, not the version of
Apache HTTPD installed?

I had read about SNI and understood the basics of it, but assumed that
it was a function of HTTPD version rather than older OS version.

Thanks for your help.

David

On Wed, Aug 29, 2018 at 11:00 AM, Jonathan Sélea <jonathan@xxxxxxxx>
wrote:

I am very sure that this has to do with the fact that older machines
simply does not have support for SNI.

On 2018-08-29 16:28, David Rush wrote:

I'm running httpd 2.4.12 on Windows Server 2003.

We have things set up and working with http and https using the
primary host name (fully qualified).

We need for a different domain (same hostname) to work with https.

These both need to work:

https://myhost.domain1.org - this works fine

https://myhost.domain2.org - I can't get this to work

I have certificates (and key files) for both domains (the first
being
unique to the FQDN, the second being a wildcard for *.domain2.org
[1]
[1]).

I have <VirtualHost *:443> blocks set up with ServerName
myhost.domain1.org [2] [2] in one, and ServerName
myhost.domain2.org [3] [3]
in the other.  Each specifies its proper cert and key files, and
unique DocumentRoot locations.

httpd.exe -S clearly indicates both VirtualHosts found, no errors
(no
errors from httpd.exe -t, either).

It appears that the first certificate is always being served
regardless of which host name is used in the browser.  Also, the
2nd
(domain2.org [1] [1]) config has a different DocumentRoot, but
when I tell
the browser to ignore the security warnings I'm being delivered
content from the domain1.org [4] [4] DocumentRoot.


Help!

David

E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.

Links:
------
[1] http://domain2.org
[2] http://myhost.domain1.org
[3] http://myhost.domain2.org
[4] http://domain1.org

--
Jonathan Sélea

PGP Key: 0x8B35B3C894B964DD
Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
https://jonathanselea.se


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.


Links:
------
[1] http://domain2.org
[2] http://myhost.domain1.org
[3] http://myhost.domain2.org
[4] http://domain1.org

--
Jonathan Sélea

PGP Key: 0x8B35B3C894B964DD
Fingerprint: 4AF2 10DE 996B 673C 0FD8  AFA0 8B35 B3C8 94B9 64DD
https://jonathanselea.se

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.