| 1 |
Hi all, |
| 2 |
|
| 3 |
I've some strange problem with apache and SSL since some time I |
| 4 |
try to address now. |
| 5 |
|
| 6 |
I've multiple virtual hosts using SSL and I want all them to use _their own_ |
| 7 |
certificates. |
| 8 |
The problem now is, it seems, that all SSL virtual hosts are using the "in |
| 9 |
config first declared" SSLCertificate{File,KeyFile}. Each other vhost is |
| 10 |
using the certs from the first vhost. |
| 11 |
|
| 12 |
I create my certs using certtool from GnuTLS: |
| 13 |
|
| 14 |
# certtool --generate-privkey --outfile www.foobar.org.key |
| 15 |
# certtool --generate-self-signed --load-privkey www.foobar.org.key \ |
| 16 |
--outfile www.foobar.org.cert |
| 17 |
|
| 18 |
and answer to the questions the tool has. I do this for each SSL-vhost I have. |
| 19 |
|
| 20 |
Now, I duplicate the http-virtualhost to https-virtualhost and add the |
| 21 |
following at the end of each https-virtualhost: |
| 22 |
|
| 23 |
SSLEngine on |
| 24 |
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP: |
| 25 |
+eNULL |
| 26 |
SSLCertificateFile conf/ssl/www.foobar.org.cert |
| 27 |
SSLCertificateKeyFile conf/ssl/www.foobar.org.key |
| 28 |
SSLOptions +StdEnvVars |
| 29 |
<IfModule mod_setenvif.c> |
| 30 |
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \ |
| 31 |
downgrade-1.0 force-response-1.0 |
| 32 |
</IfModule> |
| 33 |
|
| 34 |
This look clear to me, but apache2 now obviousely uses the first parsed |
| 35 |
SSLCertificateFile/SSLCertificateKeyFile for the second and third etc, too, |
| 36 |
which is wrong, of course. |
| 37 |
|
| 38 |
Has anyone a hint on how to fix this issue? |
| 39 |
|
| 40 |
Best regards, |
| 41 |
Christian Parpart. |
| 42 |
|
| 43 |
-- |
| 44 |
01:38:06 up 10 days, 13:17, 4 users, load average: 0.31, 0.41, 0.38 |
Archives