
Using multiple sites with one SSL-enabled site with Apache

I currently have an Apache server that is serving content on two sites - call them site1.com and site2.com. I've got VirtualHost directives set up for each of them and they all work fine.

I also serve SSL content for site1.com, and this works fine too (i.e. a user can navigate to https://site1.com and see content). However, the issue comes if a user tries to navigate to https://site2.com. Then (e.g. in Google Chrome) they see the following message:

You attempted to reach site2.com, but instead you actually reached a server identifying itself as site1.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of site2.com.

This is quite a scary warning, and I'd prefer the connection to fail with an "HTTPS connection refused", "SSL error" or something like that. (If they click through the warning, they are shown https://site1.com's content, but with https://site2.com in the address bar.) I believe this should be possible using SNI - but I'm not sure how to set it up so that the only SSL connections that are picked up are ones that are meant for site1.com.

Here is the skeleton VirtualHost directive for site1:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerName site1.com
    ServerAdmin webmaster@site1.com

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
</IfModule>

I have tried changing _default_:443 to site1.com:443, but that stops all SSL connections to the server from returning content.

You need to have different certificates for site1.com and site2.com or have a certificate with both names in it. I don't see any certificate configuration at all in your posted configuration, so I assume that you have a global certificate which is only valid for site1.com.
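The setup this answer describes, as an added example that is not part of the original post: one name-based virtual host per site on port 443, each with its own certificate, so that mod_ssl picks the certificate from the SNI name the client sends. The certificate and key paths and the /var/www/site2 document root are assumptions.

```apache
<IfModule mod_ssl.c>
    # Apache 2.2 only: turn on name-based virtual hosts for port 443.
    # Apache 2.4 does this automatically and ignores the directive.
    NameVirtualHost *:443

    # The first vhost on *:443 is also the fallback: clients that send no SNI,
    # or a name that matches no vhost, are served this one and get this
    # certificate, which is what produces the browser's name-mismatch warning.
    <VirtualHost *:443>
        ServerName site1.com
        DocumentRoot /var/www

        SSLEngine on
        # Assumed paths; this certificate must be valid for site1.com.
        SSLCertificateFile    /etc/ssl/certs/site1.com.crt
        SSLCertificateKeyFile /etc/ssl/private/site1.com.key
    </VirtualHost>

    <VirtualHost *:443>
        ServerName site2.com
        # Assumed document root for the second site.
        DocumentRoot /var/www/site2

        SSLEngine on
        # Assumed paths; this certificate must be valid for site2.com.
        SSLCertificateFile    /etc/ssl/certs/site2.com.crt
        SSLCertificateKeyFile /etc/ssl/private/site2.com.key
    </VirtualHost>
</IfModule>
```

To check which certificate each name receives, run `openssl s_client -connect site2.com:443 -servername site2.com` and compare the subject with the result for site1.com.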
