一个IP地址和通配符证书，用于多个虚拟主机（Windows，Apache 2.4.2，OpenSSL 1.0.2e）

Question

I have searched and searched but I cannot find a solution to my issue, so apologies if this sounds familiar, but I am at a loss.

I have:

• Windows environment
• Apache 2.4.2
• OpenSSL 1.0.2e
• one IP address (development box: 127.0.0.1)
• multiple virtual hosts (www.site.co.uk, sub.site.co.uk, etc. )
• Genuine domain validated wildcard certificate from Comodo

I need to use the wildcard certificate for all of my virtual hosts.

All the sites work fine when using the standard http over port 80.

When I enable httpd-ssl.conf, I start to get into trouble.

I have seen and tried several examples of http-ssl.conf configurations but all result in intermittent connection failures, ie Firefox: " Secure Connection Failed ", IE11: " This page cannot be displayed ". However , if I refresh the page (in each browser) the page displays and I can see that the certificate is valid.

From what I've read, it points to incorrect configuration of the http-ssl.conf, but I've tried the Mozilla SSL Configuration Generator ( https://mozilla.github.io/server-side-tls/ssl-config-generator/ ), many stackoverflow answers, but still no joy.

This is my current httpd-ssl.conf file:

Listen  443 https

SSLStrictSNIVHostCheck off

SSLPassPhraseDialog builtin
SSLSessionCache     "shmcb:C:/Apache2.4/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLProtocol         All -SSLv2 -SSLv3 
SSLCipherSuite      ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

<VirtualHost 127.0.0.1:443>
    ServerName  www.site.co.uk
    ServerAlias www.site.co.uk
    DocumentRoot    C:\WebServer\Apache2.4\htdocs\www.site.co.uk

    SSLEngine On
    SSLCertificateFile "C:\WebServer\Apache2.4\conf\extra\ssl\site_wildcard.crt"
    SSLCertificateKeyFile "C:\WebServer\Apache2.4\conf\extra\ssl\site_wildcard.key"
    SSLCertificateChainFile "C:\WebServer\Apache2.4\conf\extra\ssl\site_wildcard.ca-bundle"
</VirtualHost>

<VirtualHost 127.0.0.1:443>
    ServerName  sub.site.co.uk
    ServerAlias sub.site.co.uk
    DocumentRoot    C:\WebServer\Apache2.4\htdocs\sub.site.co.uk
</VirtualHost>

Answer 1

After a lot of testing, my original comment did not solve the problem.

The certificate was configured correctly.

When running tests, on websites like ssllabs.com, the protocol and handshake results would randomly differ, even though no configuration change had taken place.

Testing/Verfiying with OpenSSL, sporadically produced the correct result, but the majority of time resulted in:

ssl handshake failed

It turns out the culprit was that I had this in my httpd.conf file:

AcceptFilter https none

After commenting it out, it solved the problem:

#AcceptFilter https none