Hi all,

I've had a strange problem with Apache and SSL for some time that I am
now trying to address.

I've multiple virtual hosts using SSL and I want all of them to use _their own_
certificates.
The problem now is, it seems, that all SSL virtual hosts are using the "in
config first declared" SSLCertificate{File,KeyFile}. Each other vhost is
using the certs from the first vhost.

I create my certs using certtool from GnuTLS:

# certtool --generate-privkey --outfile www.foobar.org.key
# certtool --generate-self-signed --load-privkey www.foobar.org.key \
--outfile www.foobar.org.cert

and answer the questions the tool asks. I do this for each SSL-vhost I have.

Now, I duplicate the http-virtualhost to https-virtualhost and add the
following at the end of each https-virtualhost:

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/www.foobar.org.cert
SSLCertificateKeyFile conf/ssl/www.foobar.org.key
SSLOptions +StdEnvVars
<IfModule mod_setenvif.c>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>

This looks clear to me, but apache2 now obviously uses the first parsed
SSLCertificateFile/SSLCertificateKeyFile for the second and third etc, too,
which is wrong, of course.

Has anyone a hint on how to fix this issue?

Best regards,
Christian Parpart.

--
01:38:06 up 10 days, 13:17, 4 users, load average: 0.31, 0.41, 0.38
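
Added example, not part of the original message or of Apache: a config check that lists SSL vhosts which share one address:port while naming different certificate files. The certificate is chosen during the TLS handshake, before the Host header is seen, so such vhosts get the first declared certificate unless client and server both support SNI. Assumptions: the post does not show its <VirtualHost> lines, so the shared *:443 address and the example.net hosts below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample config: only www.foobar.org comes from the post; the
# <VirtualHost> lines and the two example.net hosts are hypothetical.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName www.foobar.org
    SSLEngine on
    SSLCertificateFile conf/ssl/www.foobar.org.cert
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.net
    SSLEngine on
    SSLCertificateFile conf/ssl/www.example.net.cert
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName other.example.net
    SSLEngine on
    SSLCertificateFile conf/ssl/other.example.net.cert
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive in a vhost body, or None."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def parse_ssl_vhosts(conf):
    """Yield (address, server_name, cert_file) for each vhost with SSLEngine on."""
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            yield (addr.strip(), directive(body, "ServerName"),
                   directive(body, "SSLCertificateFile"))

def shared_endpoint_conflicts(conf):
    """Map address -> [(server_name, cert_file)] for every address:port that
    carries several different certificate files."""
    groups = defaultdict(list)
    for addr, name, cert in parse_ssl_vhosts(conf):
        groups[addr].append((name, cert))
    return {a: v for a, v in groups.items() if len({c for _, c in v}) > 1}

if __name__ == "__main__":
    for addr, vhosts in shared_endpoint_conflicts(SAMPLE_CONF).items():
        print(f"{addr}: {len(vhosts)} vhosts, different certificates declared")
        for name, cert in vhosts:
            print(f"  {name}: {cert}")
```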