
I have a VHOST configuration that I need a fresh set of eyes on. We have SSLEngine enabled in two virtual hosts - one on port 443 and another on port 4432. For some reason, regardless of whether the connection comes in on 443 or 4432 it automatically resorts to the first vhost defined. If I put 443 on top it uses that config for 443 and 4432 and if I put 4432 on top it uses that config for 443 and 4432. Can anyone tell me why it's just grabbing the top virtual host even though they only should be going to their respective ports? I know that SSL needs its own IP but it's my understanding a separate port should suffice too?

    Listen *:443
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile ...
        SSLCertificateKeyFile ...
        SSLCertificateChainFile ...
        ...
    </VirtualHost>

    Listen *:4432
    <VirtualHost *:4432>
        SSLEngine On
        SSLCertificateFile a_different_file...
        SSLCertificateKeyFile a_different_file...
        SSLCertificateChainFile a_different_file...
        ...
    </VirtualHost>

1 Answer

-1

Why not make all the SSL on port 443 and use vHosts to use multiple domains? You're trying to do that, but you're overlooking it. Try this:

    NameVirtualHost *:443

    <VirtualHost *:443>
        # insert ssl stuff1 here
        ServerAdmin [email protected]
        DocumentRoot "C:/xampp/htsecure1/"
        ServerName domain1.com
        ServerAlias www.domain1.com
    </VirtualHost>

    <VirtualHost *:443>
        # insert ssl stuff2 here
        ServerAdmin [email protected]
        DocumentRoot "C:/xampp/htsecure2/"
        ServerName domain2.com
        ServerAlias www.domain2.com
    </VirtualHost>

    <VirtualHost *:443>
        # insert ssl stuff3 here
        ServerAdmin [email protected]
        DocumentRoot "C:/xampp/htsecure3/"
        ServerName domain3.com
        ServerAlias www.domain3.com
    </VirtualHost>
  • Looks like the issue was I had name-based virtual hosts above. I moved them down and everything seems to work now. Commented Sep 6, 2011 at 23:56
  • Please remember that you can only have one certificate per socket (address:port). The described setup would result in certificate errors if you are not using a wildcard/SAN certificate. SNI (en.wikipedia.org/wiki/Server_Name_Indication) is not supported by clients well enough for it to be considered a valid option. Commented Sep 7, 2011 at 0:05
  • Ah, well I've got a multi-domain SSL cert and never realized that one. Hey, you learn something new twice a day. Commented Sep 7, 2011 at 0:18
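
The comments above turn on how many certificates end up on one address:port. As an added example (not code from the thread), this script groups SSL-enabled vhosts by socket and lists the sockets whose vhosts name different certificate files, which is the case that depends on SNI or on a single wildcard/SAN certificate. The certificate paths are constructed placeholders, and the parser assumes a single flat config file with no Include directives.

```python
import re
from collections import defaultdict

# Constructed sample configs; the certificate paths are placeholders, not from the thread.
SEPARATE_PORTS = """
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/ssl/example/a.crt
</VirtualHost>
<VirtualHost *:4432>
    SSLEngine On
    SSLCertificateFile /etc/ssl/example/b.crt
</VirtualHost>
"""
SHARED_PORT = """
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/ssl/example/domain1.crt
</VirtualHost>
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/ssl/example/domain2.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def ssl_certs_by_socket(conf):
    """Map each address:port to the certificate files of its SSL-enabled vhosts."""
    sockets = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue
        for addr in addrs.split():  # a vhost may list several addresses
            sockets[addr].append(directive(body, "SSLCertificateFile"))
    return dict(sockets)

def sockets_with_multiple_certs(conf):
    """Sockets whose SSL vhosts reference more than one distinct certificate file."""
    return sorted(s for s, certs in ssl_certs_by_socket(conf).items() if len(set(certs)) > 1)
```
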
