Reputation: 3862
I have a httpd.conf file with the following content.
<VirtualHost demo.mydomain.com:443>
DocumentRoot "/var/www/html/demo"
ServerName "demo"
SSLEngine on
SSLCertificateFile /etc/ssl/certs/demo.mydomain.com.crt
SSLCertificateKeyFile /etc/ssl/certs/demo.mydomain.com.key
SSLCACertificateFile /etc/ssl/certs/demo.mydomain.com.ca-bundle
</VirtualHost>
<VirtualHost pay.mydomain.com:443>
DocumentRoot "/var/www/html/pay"
ServerName "pay"
SSLEngine on
SSLCertificateFile /etc/ssl/certs/pay.mydomain.com.crt
SSLCertificateKeyFile /etc/ssl/certs/pay.mydomain.com.key
SSLCACertificateFile /etc/ssl/certs/pay.mydomain.com.ca-bundle
</VirtualHost>
When I check the domains with an SSL checker, everything looks fine. But the browser can only open the first one. The second one, pay.mydomain.com, gives an SSL error and the browser shows NET::ERR_CERT_COMMON_NAME_INVALID.
If I remove the first one, pay.mydomain.com starts working. I have no idea what is going on and how I can solve this problem in this case.
Upvotes: 0
Views: 280
Reputation: 10849
Replace
<VirtualHost demo.mydomain.com:443>
DocumentRoot "/var/www/html/demo"
ServerName "demo"
...
<VirtualHost pay.mydomain.com:443>
DocumentRoot "/var/www/html/pay"
ServerName "pay"
...
with
<VirtualHost *:443>
DocumentRoot "/var/www/html/demo"
ServerName demo.mydomain.com
...
<VirtualHost *:443>
DocumentRoot "/var/www/html/pay"
ServerName pay.mydomain.com
...
Upvotes: 0
Reputation: 7727
Double-check the names that are in your certificates. Your VHosts are configured to respond to the names pay and demo, without any further domain. A proper CA would in all likelihood not issue certificates for those names at all.
That you can put a name in the initial <VirtualHost> instead of an IP or * is a bit misleading: it's equivalent to putting the corresponding IP there, but it doesn't make httpd map requests to that name to that VirtualHost block, and is discouraged.
So what I think you're seeing is that pay and demo have the same IP; you visit with the full domain name pay.mydomain.com, there is no matching ServerName, so the default (first) VirtualHost is selected. At that point, the connection fails because the certificate is only good for the name demo.mydomain.com. (I think httpd issues a warning on startup if you have certificates that do not match ServerName, but it's not a fatal error.)
Upvotes: 1
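Added example, not from either answer: a small standard-library Python model of the selection rule the second answer describes (first matching ServerName, otherwise the first block) together with a lint for the two mistakes the first answer fixes. BROKEN_CONF and FIXED_CONF are constructed samples mirroring the question and the fix; parse_vhosts, select_vhost and lint_vhosts are hypothetical helper names, not httpd's own code.

```python
import re
# Constructed sample reproducing the question's layout: two name-based vhosts on one port.
BROKEN_CONF = """
<VirtualHost demo.mydomain.com:443>
ServerName "demo"
SSLCertificateFile /etc/ssl/certs/demo.mydomain.com.crt
</VirtualHost>
<VirtualHost pay.mydomain.com:443>
ServerName "pay"
SSLCertificateFile /etc/ssl/certs/pay.mydomain.com.crt
</VirtualHost>
"""
# The same blocks after the first answer's fix: wildcard address, fully qualified ServerName.
FIXED_CONF = """
<VirtualHost *:443>
ServerName demo.mydomain.com
SSLCertificateFile /etc/ssl/certs/demo.mydomain.com.crt
</VirtualHost>
<VirtualHost *:443>
ServerName pay.mydomain.com
SSLCertificateFile /etc/ssl/certs/pay.mydomain.com.crt
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
def parse_vhosts(text):
    """One dict per <VirtualHost> block, kept in file order because the first block is the default."""
    vhosts = []
    for addr, body in VHOST_RE.findall(text):
        names, cert = [], None
        for line in body.splitlines():
            key, _, val = line.strip().partition(" ")
            val = val.strip().strip('"')  # httpd drops the quotes, so "demo" is just the bare label demo
            if key.lower() in ("servername", "serveralias"):
                names += val.lower().split()
            elif key.lower() == "sslcertificatefile":
                cert = val
        vhosts.append({"addr": addr.strip(), "names": names, "cert": cert})
    return vhosts
def select_vhost(vhosts, host):
    """Model httpd's name-based selection: first ServerName/ServerAlias match, else the first block."""
    return next((v for v in vhosts if host.lower() in v["names"]), vhosts[0])
def lint_vhosts(vhosts):
    """Flag both mistakes from the question: a hostname in <VirtualHost> and a ServerName without a domain."""
    warnings = []
    for v in vhosts:
        if not re.fullmatch(r"(\*|[\d.]+|\[[0-9a-f:.]+\])(:\d+)?", v["addr"], re.I):
            warnings.append(f"{v['addr']}: hostname in <VirtualHost> does not route by name; use *:443")
        warnings += [f"{v['addr']}: ServerName {n!r} lacks a domain; browsers send the FQDN" for n in v["names"] if "." not in n]
    return warnings
```

Running select_vhost over BROKEN_CONF for pay.mydomain.com lands on the demo block and its certificate, which is exactly the NET::ERR_CERT_COMMON_NAME_INVALID the browser reported; with FIXED_CONF the pay block is chosen and the lint is silent.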