Hi all,

Apologies if this has been asked before - I'm very new to this list.

I'm running Apache 1.3.26 with mod-ssl 2.8.9-1.3.26.  There are many domains
on the box in question (40ish) and 2 of them use SSL.  For the sake of
argument let's call them example.com and example2.com - these are both
name-based virtual servers.

I've created certificates for them using the ssl.ca package - I created my
own root CA and then generated/signed certificates for both domains,
providing the correct CN in each case.

So we have example.com CA key signing server certificates for
www.example.com and www.example2.com.

Whenever I go to https://www.example.com/ - it works great.  No problems
whatsoever.  However with https://www.example2.com/ it seems to be using the
certificate for www.example.com - IE pops up the error saying that the name
on the cert doesn't match the site name.

The thing that is baffling me is that this *did* work at one point.  I first
set up SSL and got it working perfectly for both domains around about July
last year - using whatever was the latest version at that point.

The ssl_engine_log file shows the following for a request for a single HTML
file on www.example2.com

[28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 established
(server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:04 01309] [info]  Seeding PRNG with 23177 bytes of
entropy
[28/Jun/2002 10:14:04 01309] [info]  Connection: Client IP: 217.135.39.70,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 closed with
standard shutdown (server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:06 01310] [info]  Connection to child 7 established
(server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:06 01310] [info]  Seeding PRNG with 23177 bytes of
entropy
[28/Jun/2002 10:14:07 01310] [info]  Connection: Client IP: 217.135.39.70,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[28/Jun/2002 10:14:07 01310] [info]  Initial (No.1) HTTPS request received
for child 7 (server www.example2.com:443)
[28/Jun/2002 10:14:07 01310] [info]  Connection to child 7 closed with
unclean shutdown (server www.example2.com:443, client 217.135.39.70)

The useful parts of my httpd.conf are in the attached file.

If anyone could help with this I'd be extremely grateful.

Cheers,
Jon.

Port 80
User nobody
Group nobody
ServerAdmin [EMAIL PROTECTED]
ServerName www.example.com
DocumentRoot "/home/httpd/html"

## SSL Global Stuff
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
Listen x.x.x.x:80
Listen x.x.x.x:443
Listen x.x.x.y:80
</IfDefine>

<IfModule mod_ssl.c>

SSLPassPhraseDialog  builtin
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLLog      logs/ssl_engine_log
SSLLogLevel info

</IfModule>

### Section 3: Virtual Hosts
NameVirtualHost x.x.x.x:80
NameVirtualHost x.x.x.x:443


#<VirtualHost _default_:*>
#</VirtualHost>

<VirtualHost x.x.x.x:80>
DocumentRoot /home/httpd/html
ServerName www.example.com
...
</VirtualHost>

<VirtualHost x.x.x.x:443>
DocumentRoot /home/httpd/html
ServerName www.example.com
...
<IfDefine SSL>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/www.example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/www.example.com.key

<Files ~ "\.(cgi|shtml|php?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/home/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
</IfDefine>
</VirtualHost>

<VirtualHost x.x.x.x:80>
DocumentRoot /home/jon/domains/example2.com
ServerName www.example2.com
ServerAdmin [EMAIL PROTECTED]
...
</VirtualHost>

<VirtualHost x.x.x.x:443>
DocumentRoot /home/jon/domains/example2.com
ServerName www.example2.com
ServerAdmin [EMAIL PROTECTED]
...
<IfDefine SSL>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/www.example2.com.crt
SSLCertificateKeyFile /etc/httpd/conf/www.example2.com.key

<Files ~ "\.(cgi|shtml|php?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/home/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</IfDefine>
</VirtualHost>
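
An added example, not part of the original post: in the log excerpt above, child 7's connection is established under www.example.com:443 and only afterwards is the HTTPS request attributed to www.example2.com:443, because mod_ssl of this era completes the SSL handshake, certificate included, before it can read the Host header. The Python sketch below correlates those two entries per child to surface such mismatches; the function names are hypothetical and the sample is a subset of the posted log.

```python
import re

# Constructed sample: entries copied from the post's ssl_engine_log excerpt,
# still hard-wrapped the way the mail left them.
SAMPLE_LOG = """\
[28/Jun/2002 10:14:04 01309] [info]  Connection to child 6 established
(server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:06 01310] [info]  Connection to child 7 established
(server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:07 01310] [info]  Initial (No.1) HTTPS request received
for child 7 (server www.example2.com:443)
[28/Jun/2002 10:14:07 01310] [info]  Connection to child 7 closed with
unclean shutdown (server www.example2.com:443, client 217.135.39.70)
"""

ENTRY = re.compile(r"^\[[^\]]+? (?P<pid>\d+)\] \[\w+\]\s+(?P<msg>.*)$")
ESTABLISHED = re.compile(r"Connection to child (\d+) established \(server ([^,)]+)")
REQUEST = re.compile(r"HTTPS request received for child (\d+) \(server ([^,)]+)")
CLOSED = re.compile(r"Connection to child (\d+) closed")

def unwrap(text):
    """Join continuation lines (those not starting with '[') onto their entry."""
    entries = []
    for line in text.splitlines():
        if line.startswith("[") or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def find_vhost_mismatches(text):
    """Return (pid, child, handshake_vhost, request_vhost) where the two differ."""
    handshake = {}  # (pid, child) -> vhost in effect when SSL was negotiated
    mismatches = []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if (e := ESTABLISHED.search(msg)):
            handshake[(pid, e.group(1))] = e.group(2)
        elif (r := REQUEST.search(msg)):
            tls_vhost = handshake.get((pid, r.group(1)))
            if tls_vhost and tls_vhost != r.group(2):
                mismatches.append((pid, r.group(1), tls_vhost, r.group(2)))
        elif (c := CLOSED.search(msg)):
            handshake.pop((pid, c.group(1)), None)  # child slots get reused
    return mismatches
```

Calling `find_vhost_mismatches(SAMPLE_LOG)` reports the child 7 connection, which was negotiated as www.example.com:443 but carried a request for www.example2.com:443.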
