Apache SNI: multiple SSL certificates on one IP address


Solution 1

Turns out domain 1 was configured as:

<VirtualHost *:443>

I use webmin, which only reveals that detail when you view the directive directly.

Changing * was part of the solution but introduced some other problems. I think I will punt and do IP-based SSL.

Solution 2

I added this to ports.conf (Apache/2.2.22):

NameVirtualHost *:443

You can read details in this post.
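
An added example, not part of either answer or of Apache itself: a small Python check for the two layouts the answers above point at on Apache 2.2, namely SSL vhosts declared with different address specs (`*:443` beside a specific IP) and several vhosts sharing one address without a matching `NameVirtualHost`. The sample config, its IP address and the function names are constructed for illustration; Apache 2.4 no longer needs `NameVirtualHost`, so the second check applies to 2.2 only.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the page): two SSL sites on Apache 2.2,
# one on *:443 and one on a documentation IP, with no NameVirtualHost line.
SAMPLE = """
<VirtualHost *:443>
    ServerName example1.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example1.com.crt
</VirtualHost>
<VirtualHost 203.0.113.10:443>
    ServerName example2.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example2.com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def parse(conf):
    """Return (NameVirtualHost arguments, {address: [ServerName, ...]})."""
    conf = re.sub(r"(?m)^[ \t]*#.*$", "", conf)  # drop comment lines
    nvh = {a.lower() for a in re.findall(r"(?mi)^\s*NameVirtualHost\s+(\S+)", conf)}
    vhosts = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        m = re.search(r"(?mi)^\s*ServerName\s+(\S+)", body)
        for addr in addrs.split():
            vhosts[addr.lower()].append(m.group(1) if m else "(no ServerName)")
    return nvh, vhosts

def check_sni_layout(conf, port="443"):
    """List layouts that make Apache 2.2 answer with the wrong site's certificate."""
    nvh, vhosts = parse(conf)
    tls = {a: n for a, n in vhosts.items() if a.endswith(":" + port)}
    wildcard, findings = "*:" + port, []
    if wildcard in tls and len(tls) > 1:
        findings.append("mixed address specs %s: a vhost on a specific IP takes "
                        "precedence over %s for connections to that IP"
                        % (sorted(tls), wildcard))
    for addr, names in sorted(tls.items()):
        if len(names) > 1 and addr not in nvh:
            findings.append("%s carries %s but there is no 'NameVirtualHost %s', so "
                            "the first vhost answers for every name"
                            % (addr, ", ".join(names), addr))
    return findings

if __name__ == "__main__":
    for finding in check_sni_layout(SAMPLE):
        print("WARN:", finding)
```
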

Author: Dan Pouliot

Updated on June 14, 2022

Comments

  • Dan Pouliot almost 2 years

    Today I'm trying to configure Apache to run two domains each with their own SSL certificate. From what I have read this is supported by SNI as long as my Apache is configured with a recent version of OpenSSL. I verified that it is:

    [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.7 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
    

    I thought I had successfully set up the second domain and certificate, but when I try to visit the second domain in Chrome I get the following error:

    You attempted to reach example2.com, but instead you actually reached a server identifying itself as example1.com.
    

    This post seems closest to my issue:

    hosting multiple SSL certs on apache

    But from what I can tell my server is already configured correctly (clearly it is not!).

    I have the following directives in my conf file for example2.com:

    ServerName  example2.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example2.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example2.com.key
    

    It looks right to me. So why is Apache serving example1's cert when I visit example2?