[ale] Multiple virt https hosts under Apache/mod_ssl

Chuck Huber chuck at cehuber.org
Wed Jan 1 12:01:51 EST 2003


I have a very curious problem with Apache 1.3 and mod_ssl 2.8.12.

The objective is to set up multiple virtual hosts, each with its own
X.509 certificate.

The problem is that when more than one virtual host is configured,
the first certificate in the configuration is served regardless of
which virtual host is contacted.

Here's a summary of what I have in a file included in httpd.conf:

    ...
    NameVirtualHost 192.168.1.1:443

    <VirtualHost 192.168.1.1:443>
        ServerName          dev.mydomain.com
        DocumentRoot        /home/httpd/dev.mydomain.com
        ErrorLog            logs/dev.mydomain.com-error.log
        TransferLog         logs/dev.mydomain.com-access.log

        SSLEngine               on
        SSLCertificateFile      /etc/httpd/conf/ssl.crt/dev.mydomain.com.crt
        SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/dev.mydomain.com.key
    </VirtualHost>

    <VirtualHost 192.168.1.1:443>
        ServerName          www.mydomain.com
        DocumentRoot        /home/httpd/www.mydomain.com
        ErrorLog            logs/www.mydomain.com-error.log
        TransferLog         logs/www.mydomain.com-access.log

        SSLEngine               on
        SSLCertificateFile      /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
        SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/www.mydomain.com.key
    </VirtualHost>
    
In this configuration, when I browse to https://dev.mydomain.com, the browser
reports that the signed certificate was issued to "dev.mydomain.com", just as
it should.  When I hit https://www.mydomain.com, it reports that the certificate
was issued to dev.mydomain.com.

When I comment out the first virtual host, hitting www works fine - it reports
that the cert was issued to www.

Commenting out the second virtual host, hitting dev works fine - the cert was
issued to dev.

I can reverse the order of the virtual hosts and it will always respond with
the www cert.

What am I doing wrong here? Any ideas?

Thanks,
    - Chuck

-- 
"The purpose of encryption is to protect good people
from bad people, not to protect bad people from the government."
     Scott McNealy, CEO Sun Microsystems
"The best way for government to control people is to remain in
   a constant threat of war." ---Karl Marx
(18 USC 242), which applies to government agents overstepping their
authority:
  "Whoever, under color of any law, statute, ordinance, regulation,
  or custom, willfully subjects any person in any State, Territory,
  or District to the deprivation of any rights, privileges, or
  immunities secured or protected by the Constitution or laws of
  the United States, . . . shall be fined under this title or
  imprisoned not more than one year, or both . . ."
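
A check for the symptom reported above, added here as an example and not part of the original message: it compares the names in the certificate served for each virtual host with the name that was requested. The TLS handshake completes before the HTTP Host header is sent, so a client that sends no SNI cannot steer certificate selection among name-based virtual hosts sharing one IP:port. `audit`, `fetch_cert` and the sample certificate dict are constructed for illustration, and `fetch_cert` assumes the certificates chain to a CA the client trusts.

```python
import socket
import ssl

# Constructed sample in ssl.getpeercert() dict form, mirroring the report:
# both names on 192.168.1.1:443 were answered with the dev certificate.
DEV_CERT = {"subject": ((("commonName", "dev.mydomain.com"),),)}
REPORTED = {"dev.mydomain.com": DEV_CERT, "www.mydomain.com": DEV_CERT}

def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(served):
    """served maps requested host -> cert dict; returns the mismatches."""
    bad = {}
    for host, cert in served.items():
        names = cert_names(cert)
        if not any(name_matches(n, host) for n in names):
            bad[host] = names
    return bad

def fetch_cert(host, ip, port=443, send_sni=True):
    """Live probe (hypothetical helper): cert served for `host` at ip:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep chain validation, judge the name here
    sni = host if send_sni else None
    with socket.create_connection((ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for host, names in audit(REPORTED).items():
        print(f"{host}: served certificate is for {names}")
```

Against a live server, build the `served` mapping with `fetch_cert(name, "192.168.1.1")` for each ServerName and pass it to `audit`; running it once with `send_sni=False` shows what a client without SNI receives.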
