Thanks Eric. I guess multiple Apache instances can handle this case.
2014-02-19 19:48 GMT+08:00 Eric Covener <[email protected]>: > On Wed, Feb 19, 2014 at 3:40 AM, Jason Ni <[email protected]> wrote: > > Hello All, > > > > I want to configure Apache for this use case: > > > > We have more than one virtual hosts with different hostnames. I use name > > based virtual hosting configuration for these hosts. > > > > And I want to give each host 2 ports for HTTPs services. One is for > outside > > service, the other is for internal service. > > > > It's possible that we use different SSL keys and certs for internal and > > outside HTTPs configurations. And clients do check validation of SSL > > certificates. So I did a simple test of this configuration. > > > > However, in my test case, I find Apache always gives client the > certificate > > from the first VirtualHost configuration. > > > > My test environment is RHEL6.4, Apache2 > > > > My test configuration is like this: > > > > NameVirtualHost and Listen statements are inserted in the ssl.conf file. > > -------------------------------------------------------- > > NameVirtualHost 192.168.33.10:443 > > NameVirtualHost 192.168.33.10:8443 > > Listen 443 > > Listen 8443 > > -------------------------------------------------------- > > > > And I created a new file ssldemo.conf in conf.d > > -------------------------------------------------------------------- > > <VirtualHost 192.168.33.10:8443> > > ServerName site1.test.com > > SSLCertificateFile /etc/pki/tls/certs/localhost.crt > > <VirtualHost 192.168.33.10:443> > > ServerName site1.test.com > > SSLCertificateFile /etc/httpd/ssl/sslcert.pem > > > > > When I connect Apache server use the url https://site1.test.com, I get > the > > cert of /etc/pki/tls/certs/localhost.crt. > > Seems Apache server doesn't support this kind of usage, does it? > > No, Apache selects the best interface:port match first, then selects > name-based vhosts and SNI from things that match the set of selected > interface:port. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
