Multiple server keys / certificates don't work.

Thu, 27 Apr 2000 20:44:08 -0700 

Hi,

I'm using Red Hat Secure Server 3.2 (mod_ssl/2.2.8)
I read the docs and the FAQ. It clearly says that 2.2 can handle multiple 
key/cert combinations.

So I made for each csr a separate key. However, it appears, that as soon as I 
try to have a second key/crt in a VHost, it asks only for the passkey of the 
last VHost, and fails anyway. (FYI, if I put two VHosts with the same key/crt, 
both work - except for the fact that one of the sites has the wrong cert.)

I know that my server works fine since all the key/crt combos do work 
individually. (By commenting out all VHosts except one.)

Here are the VHosts:
--------------------------------------------
NameVirtualHost xxx.xxx.xxx.xxx:443
#
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerName www.domain1.com
ServerAdmin admin
DocumentRoot /home/sites/sitex/web
TransferLog /var/log/httpd/access_log-ssl
SSLEngine on
SSLCertificateFile    /etc/httpd/conf/ssl.crt/www-domain1-com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www-domain1-com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
AddHandler cgi-wrapper .cgi
AddHandler cgi-wrapper .pl
AddHandler server-parsed .shtml
AddType    text/html     .shtml
</VirtualHost>

NameVirtualHost xxx.xxx.xxx.xxy:443
#
<VirtualHost xxx.xxx.xxx.xxy:443>
ServerName www.domain2.com
ServerAdmin admin2
DocumentRoot /home/sites/sitey/web
SSLEngine on
SSLCertificateFile    /etc/httpd/conf/ssl.crt/www-domain2-com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www-domain2-com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/httpd/ssl_request_log-boothdance \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
AddHandler cgi-wrapper .cgi
AddHandler cgi-wrapper .pl
AddHandler server-parsed .shtml
AddType    text/html     .shtml
</VirtualHost>

Thanks for your help!

Cheers,
Bal�zs

------------------------------------------------------------
Get your high-end web space with  http://www.thenewpush.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to