SSL and Virtual hosts

Fri, 20 Feb 2004 02:18:40 -0800

Hello,

I have this server that I'm going to run several virtualhosts. The
servers are for this example named test1, test2 and test3.

The server listens on two IP's: .10 and .11. Server test1 and test2
should listen on IP .10, and test3 on IP .11.

The server certificate for test1 and test3 presents the correct
certificate as it should. However, the server test2 certificate does
not. It presents the test1 certificate (probably because of the same use
of IP-address) instead of the correct test2 - which in turn makes the
clients pop up warning about the requestion because the certificate is
not issued to the correct name ("- The server's name "test2.mydomain.org" does not match the certificate's name "test1.mydomain.org". Somebody may be trying to eavesdrop on you.")

Is there a way to make it present the correct certificate for the
correct named server (on the same IP)?

I'm running Debian testing latest versions on a i686:
Server Version: Apache/1.3.29 Ben-SSL/1.52 (Debian GNU/Linux)
debian versions: apache-ssl  1.3.29.0.1-5

Regards,
Svein Seldal




Part of my httpd.conf:
----------------------

SSLDisable
SSLVerifyClient 2
....my other SSL settings....

Listen 192.168.0.10:443
Listen 192.168.0.11:443
NameVirtualHost 192.168.0.10:443
NameVirtualHost 192.168.0.11:443

<VirtualHost 192.168.0.10:443>
ServerName test1.mydomain.org
SSLEnable
SSLRequireSSL
SSLCertificateFile /path/test1.crt
SSLCertificateKeyFile /path/test1.key
SSLCACertificateFile /path/test1_okaccess.crt
....other HTML definitions....

</VirtualHost>

<VirtualHost 192.168.0.10:443>
ServerName test2.mydomain.org
SSLEnable
SSLRequireSSL
SSLCertificateFile /path/test2.crt
SSLCertificateKeyFile /path/test2.key
SSLCACertificateFile /path/test2_okaccess.crt
....other HTML definitions....

</VirtualHost>

<VirtualHost 192.168.0.11:443>
ServerName test3.mydomain.org
SSLEnable
SSLRequireSSL
SSLCertificateFile /path/test3.crt
SSLCertificateKeyFile /path/test3.key
SSLCACertificateFile /path/test3_okaccess.crt
....other HTML definitions....

</VirtualHost>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to