Jack BeNimble

Reputation: 36713

SSL issue with multiple virtual hosts on apache

I’m trying to renew the certificate for a second web service identified by a virtual host, call it “mysubdomain2.mydomain2.com”.

I’ve generated all the required files (mysubdomain2.crt, mysubdomain2.mydomain.com.key, ca.pem, sub.class1.server.ca.pem).

Note that I recently successfully renewed the certificate for mysubdomain1.crt.

Here's the virtual host entry in apache:

<VirtualHost *:443>
    ServerName mysubdomain2.mydomain.com
    ServerAdmin [email protected]

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

    # Server certificate, its (unencrypted) private key, the intermediate
    # chain sent to clients, and the CA bundle used for verification
    SSLCertificateFile /disk2/certificates/ssl/mysubdomain2.crt
    SSLCertificateKeyFile /disk2/certificates/ssl/mysubdomain.mydomain.com.key
    SSLCertificateChainFile /disk2/certificates/ssl/sub.class1.server.ca.pem
    SSLCACertificateFile /disk2/certificates/startssl/ca.pem
    SSLOptions StrictRequire
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

But when I restart apache, it shuts down with this error message:

caught SIGTERM, shutting down
[Tue Jan 13 13:59:16 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [notice] Apache/2.2.16 (Ubuntu) PHP/5.3.3-1ubuntu9.5 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations

Additionally, from this link:

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

it's clear that this installation of apache has SNI installed. It seems that apache should at least start, as these are supposed to be just warning messages.

The problem SNI is supposed to solve is that without it, the host name doesn't get communicated until after the SSL connection is established, meaning that apache doesn't know which certificate to use.

But, at this point, it's simply not starting at all. I'm thinking to try regenerating the certificate and key and pem files, but I was pretty careful doing that in the first place. I'd like to understand what the real problem is.

Upvotes: 0

Views: 1327

Answers (1)

Jack BeNimble

Reputation: 36713

I must have done something wrong when decrypting the secret key. I tried it again, and everything was fine.

Upvotes: 0
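The thread turns on three things that can be checked before Apache is restarted: whether the private key is still passphrase-protected (the cause the answer arrives at), whether the key actually belongs to the certificate the vhost points at, and whether the certificate names the vhost's ServerName so SNI clients get a matching certificate. The POSIX shell script below is an added example, not code from the original post or from the Apache project; it assumes only the openssl command-line tool, and the certificate, key and hostname arguments are placeholders for whatever the vhost is configured with.

```shell
#!/bin/sh
# Added example (not from the original post or from Apache). Assumes the
# openssl CLI. CERT/KEY/NAME are placeholders for the vhost's own files,
# e.g. /disk2/certificates/ssl/mysubdomain2.crt.

# Succeeds if the private key is not passphrase-protected. mod_ssl cannot load
# an encrypted key at startup without a passphrase prompt or dialog, which is
# the kind of failure a botched decryption step produces.
key_is_unencrypted() {
    key="$1"
    # Both the legacy "Proc-Type: 4,ENCRYPTED" header and the PKCS#8
    # "ENCRYPTED PRIVATE KEY" header mark an encrypted PEM file.
    if grep -q 'ENCRYPTED' "$key" 2>/dev/null; then
        return 1
    fi
    # Parse with an empty passphrase; only an unencrypted key loads.
    openssl pkey -in "$key" -passin pass: -noout >/dev/null 2>&1
}

# Succeeds if the certificate's public key equals the one derived from the
# private key (compares SubjectPublicKeyInfo, so it works for RSA and EC).
cert_matches_key() {
    cert="$1"
    key="$2"
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate lists the host in its subject CN or as a DNS
# subjectAltName entry. With name-based SSL vhosts, each ServerName must be
# covered by the certificate configured in that vhost.
cert_covers_name() {
    cert="$1"
    name="$2"
    openssl x509 -in "$cert" -noout -text 2>/dev/null \
        | tr ',' '\n' \
        | sed -n -e 's/^ *DNS://p' -e 's/.*CN *= *//p' \
        | grep -q -x -F "$name"
}

# Runs all three checks for one vhost; returns non-zero if any check fails.
check_vhost_material() {
    cert="$1"
    key="$2"
    name="$3"
    status=0
    if key_is_unencrypted "$key"; then
        echo "ok:   $key is not passphrase-protected"
    else
        echo "FAIL: $key is encrypted or unreadable; decrypt it before restarting Apache"
        status=1
    fi
    if cert_matches_key "$cert" "$key"; then
        echo "ok:   $cert matches $key"
    else
        echo "FAIL: public key in $cert does not match $key (wrong key file?)"
        status=1
    fi
    if cert_covers_name "$cert" "$name"; then
        echo "ok:   $cert covers $name"
    else
        echo "FAIL: $cert does not name $name in CN or subjectAltName"
        status=1
    fi
    return "$status"
}

# Usage: sh check_vhost_material.sh CERT KEY SERVERNAME
if [ "$#" -eq 3 ]; then
    check_vhost_material "$1" "$2" "$3"
fi
```

Run it once per SSL vhost with the paths from that vhost's SSLCertificateFile and SSLCertificateKeyFile and its ServerName, then run `apache2ctl configtest` before the restart so a syntax problem is reported rather than silently taking the server down. After the restart, `openssl s_client -connect host:443 -servername mysubdomain2.mydomain.com` shows which certificate the server actually presents for that SNI name.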
