Apache issue with multiple SSL sites
by Phunction from LinuxQuestions.org on (#6MPPW)
I am running an older apache 2.2.22 server.
There were 2 virtual host SSL sites that were working fine, but when I tried to add a 3rd I would start getting ERR_SSL_PROTOCOL_ERROR
Each site was in its own config file under sites-available
I moved them to a single file in default-ssl but still have the same issue, but now it does it with just 2 sites:
The strange thing, the first cert works, the second gives me an ERR_SSL_PROTOCOL_ERROR, but only on some systems.
This is what I am using now:
(
Site1 is fine, Site2 gives me the error.
I originally tried with NameVirtualHost *.443
And then <VirtualHost *.443>
But when I go to site2, it complains that the cert is invalid because it is using the cert from site1?
)
<IfModule mod_ssl.c>
NameVirtualHost 192.99.9.188:443
<VirtualHost www.site1.com:443>
ServerName www.site1.com
ServerAdmin webmaster@site1.com
DocumentRoot /home/httpd/sites/site1
<Directory /home/httpd/sites/site1>
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/site1.ca/server.crt
SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
</VirtualHost>
<VirtualHost www.site2.com:443>
ServerName www.site2.com
ServerAdmin webmaster@site2.com
DocumentRoot /home/httpd/sites/site2
<Directory /home/httpd/sites/site2>
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/site2.ca/server.crt
SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt
</VirtualHost>
</IfModule mod_ssl.c>
Is it due to apache and openssl being too old? But it does not make sense that the first cert would be fine and give a perfectly valid cert in browsers.
There were 2 virtual host SSL sites that were working fine, but when I tried to add a 3rd I would start getting ERR_SSL_PROTOCOL_ERROR
Each site was in its own config file under sites-available
I moved them to a single file in default-ssl but still have the same issue, but now it does it with just 2 sites:
The strange thing, the first cert works, the second gives me an ERR_SSL_PROTOCOL_ERROR, but only on some systems.
This is what I am using now:
(
Site1 is fine, Site2 gives me the error.
I originally tried with NameVirtualHost *.443
And then <VirtualHost *.443>
But when I go to site2, it complains that the cert is invalid because it is using the cert from site1?
)
<IfModule mod_ssl.c>
NameVirtualHost 192.99.9.188:443
<VirtualHost www.site1.com:443>
ServerName www.site1.com
ServerAdmin webmaster@site1.com
DocumentRoot /home/httpd/sites/site1
<Directory /home/httpd/sites/site1>
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/site1.ca/server.crt
SSLCertificateKeyFile /etc/ssl/site1.ca/server.key
SSLCertificateChainFile /etc/ssl/site1.ca/bundle.crt
</VirtualHost>
<VirtualHost www.site2.com:443>
ServerName www.site2.com
ServerAdmin webmaster@site2.com
DocumentRoot /home/httpd/sites/site2
<Directory /home/httpd/sites/site2>
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/site2.ca/server.crt
SSLCertificateKeyFile /etc/ssl/site2.ca/server.key
SSLCertificateChainFile /etc/ssl/site2.ca/bundle.crt
</VirtualHost>
</IfModule mod_ssl.c>
Is it due to apache and openssl being too old? But it does not make sense that the first cert would be fine and give a perfectly valid cert in browsers.