DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43218>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43218 Summary: Wrong cert used for vhost if ServerName is same Product: Apache httpd-2 Version: 2.2.4 Platform: PC OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: mod_ssl AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Setup: Listen *:443 Listen *:444 https <Virtualhost *:443> ServerName web1.example.com ServerAlias www.example.com SSLCertificateFile ssl/www.crt SSLCertificateKeyFile ssl/www.key ErrorLog logs/error_443.log ProxyPass / http://app1.example.com ProxyPassReverse / http://app1.example.com </VirtualHost> <Virtualhost *:444> ServerName web1.example.com ServerAlias www01.example.com SSLCertificateFile ssl/www01.crt SSLCertificateKeyFile ssl/www01.key ErrorLog logs/error_444.log ProxyPass / http://app2.example.com <Location /> ProxyPassReverse / </Location> </VirtualHost> www.crt CN = www.example.com www01.crt CN = www01.example.com Symptoms: At startup I find in error_444.log: "[warn] RSA server certificate CommonName (CN) `www.example.com' does NOT match server name!?" When opening https://www.example.com:444 I get the www.example.com cert Checks performed: * If I break the cert or key filename in the 444 vhost, apache won't start with an error on the filename so it is trying to open the file * If I switch the order of the vhosts, I get the www01.example.com cert for both vhosts and the CN warning is in the error_443.log file * Both the apache-2.2.4_1 port on FreeBSD 6.2 and the ssl build from apachelounge.com behave the same * When the ServerName is changed on one of the vhosts, the correct cerificate is issued for each vhost -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
