Using SSL on two VirtualHosts
I had the same issue. Strangely some report it works for them like a charm but for others not. I even tried using SNI via SSLStrictSNIVHostCheck apache directive but no luck.
When using the ServerAlias directive with a wildcard domain like eg. *.snakeoil.com then order of the VirtualHost configs matters. If the VirtualHost with the wildcard domain alias:
ServerAlias *.snakeoil.com
is the first one it will be processed first and avoids resolution of other vhosts. Try to reverse vhosts so that this catch all is the last one eg.
<IfModule mod_ssl.c>
# first vhost
<VirtualHost *:443>
ServerName vhost1.snakeoil.com
[...]
</VirtualHost>
# second vhost
<VirtualHost *:443>
ServerName vhost2.snakeoil.com
[...]
</VirtualHost>
# Attention!
# All other vhost requests end up here
# Order matters, keep this entry to be the last one
# as a last resort if any of the above don't apply
<VirtualHost *:443>
ServerName snakeoil.com
ServerAlias *.snakeoil.com
[...]
</VirtualHost>
</IfModule>
Worked for me at least with with apache 2.2.14
Ted
Updated on July 24, 2020Comments
-
Ted almost 4 years
So I got an SSL from GoDaddy.
It works for my public sitemysite.com
.
I would like now to have an SSL connection for myadministrator.mysite.com
So I created a self signed certificate usingopenssl
because I don't mind managing my own site with a red mark on the lock.inside
httpd-ssl.conf
<VirtualHost *:443> ServerName mysite.com:443 ServerAlias www.mysite.com DocumentRoot /opt/lampp/htdocs/MySite/ ServerAdmin [email protected] ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors.log TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access.log SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /opt/lampp/etc/ssl.crt/mysite.com.crt SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server_nopwd.key SSLCertificateChainFile /opt/lampp/etc/ssl.crt/gd_bundle.crt SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/opt/lampp/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost> <VirtualHost *:443> ServerName administrator.mysite.com:443 DocumentRoot "/opt/lampp/htdocs/" ServerAdmin [email protected] ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors_admin.log TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access_admin.log SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /opt/lampp/etc/ssl.crt/admin.crt SSLCertificateKeyFile /opt/lampp/etc/ssl.key/admin.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/opt/lampp/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost>
And I get this warning:
[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
What happens is that the administrator host is redirected to the regular host, which is very annoying
-
JustBaron almost 8 yearsThis worked for me, Windows, Apache 2.4, Wildcard SSL. Thanks!