Apache Name Virtual Host with SSL

apache ssl ssl-certificate
107,443

Solution 1

It sounds like Apache is warning you that you have multiple <VirtualHost> sections with the same IP address and port... as far as getting it to work without warnings, I think you would need to use something like Server Name Indication (SNI), a way of identifying the hostname requested as part of the SSL handshake. Basically it lets you do name-based virtual hosting over SSL, but I'm not sure how well it's supported by browsers. Other than something like SNI, you're basically limited to one SSL-enabled domain name for each IP address you expose to the public internet.

Of course, if you are able to access the websites properly, you'll probably be fine ignoring the warnings. These particular ones aren't very serious - they're mainly an indication of what to look at if you are experiencing problems

Solution 2

As far as I know, Apache supports SNI since Version 2.2.12 Sadly the documentation does not yet reflect that change.

Go for http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI until that is finished

Solution 3

You may be able to replace the: 

VirtualHost ipaddress:443

with 

VirtualHost *:443

You probably need todo this on all of your virt hosts.

It will probably clear up that message. Let the ServerName directive worry about routing the message request.

Again, you may not be able to do this if you have multiple ip's aliases to the same machine.

Solution 4

The VirtualHost would look like this:

NameVirtualHost IP_Address:443

<VirtualHost IP_Address:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt    # Where "ca" is the name of the Certificate
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    ServerAdmin webmaster@domain_name.com
    DocumentRoot /var/www/html
    ServerName www.domain_name.com
    ErrorLog logs/www.domain_name.com-error_log
    CustomLog logs/www.domain_name.com-access_log common
</VirtualHost>

Solution 5

You MUST add below part to enable NameVirtualHost functionality with given IP.

NameVirtualHost IP_Address:443
Share:
107,443
JamesArmes
Author by

JamesArmes

Updated on July 26, 2020

Comments

  • JamesArmes
    JamesArmes almost 4 years

    I am attempting to setup our servers to allow traffic over SSL. I am aware that SSL does not work with Name Virtual Host, but we have all of our apache servers on virtual machines with dedicated private IPs. We have a primary virtual machine that has mod_proxy setup to route traffic to the appropriate vms.

    However, in order to route https traffic we need to have the certificate installed on the proxy as well as the vms. We have a wildcard certificate that can be used across all of our hosts. Everything appears to work properly, but I receive the following in the apache logs for the proxy:

    [warn] Init: SSL server IP/port conflict: host1.domain.com:443 (/etc/apache2/sites-enabled/host1:1) vs. host2.domain.com:443 (/etc/apache2/sites-enabled/host2:1)

    There is one of these error message for each host we have setup on the proxy. Our Virtual Host setup for the proxy is posted below:

    <VirtualHost ipaddress:443>
    ServerName host1.domain.com
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / https://privateip:443/
    ProxyPassReverse / https://privateip:443/

    SSLProxyEngine on
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>

    Is there any way that I can get this to work?

  • JamesArmes
    JamesArmes over 15 years
    Harold, Thank you for your response. I attempted this earlier and it made no difference.
  • JamesArmes
    JamesArmes over 15 years
    David, Thank you for your response. After doing some research I believe this would be the way to go. However, there is limited support for SNI under Windows XP. I think I will try this anyway since I am using a wildcard cert. If this does not work, I guess I will have to ignore the errors for now.
  • David Z
    David Z over 15 years
    Ah, my bad... I really just remembered the acronym, SNI. I'll edit the post.
  • jdavid.net
    jdavid.net over 11 years
    one of your port numbers are wrong, and i can't fix it 6 char min edit.
  • Vasyl Moskalov
    Vasyl Moskalov almost 8 years
    Looks like this answer is a bit outdated
  • Dilip Rajkumar
    Dilip Rajkumar over 7 years
    You are absolutely right Name based SSL wont work. Good Link.
  • Ryan
    Ryan about 4 years
    I made sure to leave #Include conf/extra/httpd-ssl.conf commented out in httpd.conf, and then this worked in httpd-vhosts.conf: NameVirtualHost *:443 (linebreak) Listen 443 (linebreak)<VirtualHost *:443> (linebreak) SSLEngine On (linebreak) ...

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Invalid CA certificate with self signed certificate chain
Is it possible to have a valid sub-subdomain with a wildcard certificate?
Apache HTTP Client javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Apache reverse proxy set up SSL certificate
How do I pass the client certificate with HTTP client?
openssl unable to get local issuer certificate debian
Handling X-FORWARDED-PROTO header in Java web application
Change base domain name for Lets Encrypt SSL certificate
https: Apache TLS renegotiation: Debian, Apache2, openssl. How to?
Firebase Hosted flutter app shows not a secure connection error when launching an external URL