Hi all,

Apologies if this has been asked before - I'm very new to this list.

I'm running Apache 1.3.26 with mod-ssl 2.8.9-1.3.26. There are many domains on the box in question (40ish) and 2 of them use SSL. For the sake of argument let's call them example.com and example2.com - these are both name-based virtual servers.

I've created certificates for them using the ssl.ca package - I created my own root CA and then generated/signed certificates for both domains, providing the correct CN in each case. So we have example.com CA key signing server certificates for www.example.com and www.example2.com.

Whenever I go to https://www.example.com/ - it works great. No problems whatsoever. However with https://www.example2.com/ it seems to be using the certificate for www.example.com - IE pops up the error saying that the name on the cert doesn't match the site name.

The thing that is baffling me is that this *did* work at one point. I first set up SSL and got it working perfectly for both domains around about July last year - using whatever was the latest version at that point.

The ssl_engine_log file shows the following for a request for a single HTML file on www.example2.com:

[28/Jun/2002 10:14:04 01309] [info] Connection to child 6 established (server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:04 01309] [info] Seeding PRNG with 23177 bytes of entropy
[28/Jun/2002 10:14:04 01309] [info] Connection: Client IP: 217.135.39.70, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[28/Jun/2002 10:14:04 01309] [info] Connection to child 6 closed with standard shutdown (server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:06 01310] [info] Connection to child 7 established (server www.example.com:443, client 217.135.39.70)
[28/Jun/2002 10:14:06 01310] [info] Seeding PRNG with 23177 bytes of entropy
[28/Jun/2002 10:14:07 01310] [info] Connection: Client IP: 217.135.39.70, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[28/Jun/2002 10:14:07 01310] [info] Initial (No.1) HTTPS request received for child 7 (server www.example2.com:443)
[28/Jun/2002 10:14:07 01310] [info] Connection to child 7 closed with unclean shutdown (server www.example2.com:443, client 217.135.39.70)

The useful parts of my httpd.conf are in the attached file.

If anyone could help with this I'd be extremely grateful.

Cheers,
Jon.

Port 80
User nobody
Group nobody
ServerAdmin [EMAIL PROTECTED]
ServerName www.example.com
DocumentRoot "/home/httpd/html"

## SSL Global Stuff
<IfDefine SSL>
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    Listen x.x.x.x:80
    Listen x.x.x.x:443
    Listen x.x.x.y:80
</IfDefine>

<IfModule mod_ssl.c>
    SSLPassPhraseDialog builtin
    #SSLSessionCache none
    #SSLSessionCache shmht:logs/ssl_scache(512000)
    #SSLSessionCache shmcb:logs/ssl_scache(512000)
    SSLSessionCache dbm:logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:logs/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    #SSLRandomSeed startup file:/dev/random 512
    #SSLRandomSeed startup file:/dev/urandom 512
    #SSLRandomSeed connect file:/dev/random 512
    #SSLRandomSeed connect file:/dev/urandom 512
    SSLLog logs/ssl_engine_log
    SSLLogLevel info
</IfModule>

### Section 3: Virtual Hosts
NameVirtualHost x.x.x.x:80
NameVirtualHost x.x.x.x:443

#<VirtualHost _default_:*>
#</VirtualHost>

<VirtualHost x.x.x.x:80>
    DocumentRoot /home/httpd/html
    ServerName www.example.com
    ...
</VirtualHost>

<VirtualHost x.x.x.x:443>
    DocumentRoot /home/httpd/html
    ServerName www.example.com
    ...
    <IfDefine SSL>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/httpd/conf/www.example.com.crt
        SSLCertificateKeyFile /etc/httpd/conf/www.example.com.key
        <Files ~ "\.(cgi|shtml|php?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/home/httpd/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </IfDefine>
</VirtualHost>

<VirtualHost x.x.x.x:80>
    DocumentRoot /home/jon/domains/example2.com
    ServerName www.example2.com
    ServerAdmin [EMAIL PROTECTED]
    ...
</VirtualHost>

<VirtualHost x.x.x.x:443>
    DocumentRoot /home/jon/domains/example2.com
    ServerName www.example2.com
    ServerAdmin [EMAIL PROTECTED]
    ...
    <IfDefine SSL>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/httpd/conf/www.example2.com.crt
        SSLCertificateKeyFile /etc/httpd/conf/www.example2.com.key
        <Files ~ "\.(cgi|shtml|php?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/home/httpd/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </IfDefine>
</VirtualHost>
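
Added example, not part of the original post or of mod_ssl: the ssl_engine_log excerpt above records child 7's connection as established under www.example.com:443 while the HTTPS request on it is logged for www.example2.com:443. This Python script scans a log in that format and reports every connection where the two names differ; the function name, regular expressions and sample lines (with a documentation client address) are constructed for illustration.

```python
import re

# Constructed sample in the ssl_engine_log format quoted in the post
# (client address 192.0.2.10 is a documentation placeholder).
SAMPLE_LOG = """\
[28/Jun/2002 10:14:06 01310] [info] Connection to child 7 established (server www.example.com:443, client 192.0.2.10)
[28/Jun/2002 10:14:07 01310] [info] Connection: Client IP: 192.0.2.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[28/Jun/2002 10:14:07 01310] [info] Initial (No.1) HTTPS request received for child 7 (server www.example2.com:443)
[28/Jun/2002 10:14:07 01310] [info] Connection to child 7 closed with unclean shutdown (server www.example2.com:443, client 192.0.2.10)
[28/Jun/2002 10:14:09 01311] [info] Connection to child 8 established (server www.example.com:443, client 192.0.2.10)
[28/Jun/2002 10:14:09 01311] [info] Initial (No.1) HTTPS request received for child 8 (server www.example.com:443)
"""

# "[date time pid] [level] message"
LINE = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[\w+\]\s+(?P<msg>.*)$")
ESTABLISHED = re.compile(r"Connection to child (\d+) established \(server ([^,)]+)")
REQUEST = re.compile(r"HTTPS request received for child (\d+) \(server ([^,)]+)\)")


def find_vhost_mismatches(log_text):
    """Return (timestamp, child, handshake_vhost, request_vhost) tuples for
    connections whose request was mapped to a different vhost than the one
    logged when the connection was established."""
    handshake_vhost = {}  # (pid, child) -> server name logged at connection setup
    mismatches = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        pid, msg = m.group("pid"), m.group("msg")
        est = ESTABLISHED.search(msg)
        if est:
            handshake_vhost[(pid, est.group(1))] = est.group(2)
            continue
        req = REQUEST.search(msg)
        if req:
            first = handshake_vhost.get((pid, req.group(1)))
            if first is not None and first != req.group(2):
                mismatches.append((m.group("ts"), req.group(1), first, req.group(2)))
    return mismatches


if __name__ == "__main__":
    for ts, child, shake, req in find_vhost_mismatches(SAMPLE_LOG):
        print(f"{ts} child {child}: established as {shake}, request for {req}")
```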