
SSL issue with multiple virtual hosts on apache

I'm trying to renew the certificate for a second web service identified by a virtual host, call it “mysubdomain2.mydomain2.com”.

I've generated all the required files (mysubdomain2.crt mysubdomain2.mydomain.com.key ca.pem sub.class1.server.ca.pem).

Note that I recently successfully renewed the certificate for mysubdomain1.crt.

Here's the virtual host entry in apache:

<VirtualHost *:443>
  ServerName mysubdomain2.mydomain.com
  ServerAdmin myname@mycomp.com


   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

   SSLCertificateFile /disk2/certificates/ssl/mysubdomain2.crt
   SSLCertificateKeyFile /disk2/certificates/ssl/mysubdomain.mydomain.com.key
   SSLCertificateChainFile /disk2/certificates/ssl/sub.class1.server.ca.pem
   SSLCACertificateFile /disk2/certificates/startssl/ca.pem
   SSLOptions StrictRequire
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

   CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#</VirtualHost>

But when I restart apache, it shuts down with this error message:

“caught SIGTERM, shutting down
[Tue Jan 13 13:59:16 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [notice] Apache/2.2.16 (Ubuntu) PHP/5.3.3-1ubuntu9.5 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations

Additionally, from this link:

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

it's clear that this installation of apache has SNI installed. It seems that apache should at least start, as these are supposed to be just warning messages.

The problem SNI is supposed to solve is that without it, the host name doesn't get communicated until after the SSL connection is established, meaning that apache doesn't know which certificate to use.

But, at this point, it's simply not starting at all. I'm thinking to try regenerating the certificate and key and pem files, but I was pretty careful doing that in the first place. I'd like to understand what the real problem is.

I must have done something wrong when decrypting the secret key. I tried it again, and everything was fine.
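
Added example, not part of the original post: a pre-restart check of the files named in SSLCertificateFile and SSLCertificateKeyFile that reports a key file that is empty, still passphrase-protected, unparsable, or not the key for that certificate. It assumes an RSA key and the openssl command-line tool; the function name check_tls_pair and its return codes are choices made for this example.

```shell
#!/bin/sh
# Return codes (chosen for this example): 0 ok, 1 missing/empty file,
# 2 key still passphrase-protected, 3 unparsable file, 4 key/cert mismatch.
check_tls_pair() {
    cert=$1
    key=$2

    # A decrypt step that went wrong can leave a missing or zero-length file.
    for f in "$cert" "$key"; do
        if [ ! -s "$f" ] || [ ! -r "$f" ]; then
            echo "missing, unreadable or empty: $f" >&2
            return 1
        fi
    done

    # Passphrase-protected PEM keys carry one of these two markers
    # (traditional format header, or PKCS#8 encrypted block).
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$key"; then
        echo "key is still encrypted: $key" >&2
        return 2
    fi

    # Extract the RSA modulus from each file; "-passin pass:" avoids a prompt.
    key_mod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || key_mod=
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || cert_mod=
    if [ -z "$key_mod" ] || [ -z "$cert_mod" ]; then
        echo "cannot parse key or certificate" >&2
        return 3
    fi

    # The private key belongs to the certificate only if the moduli are equal.
    if [ "$key_mod" != "$cert_mod" ]; then
        echo "key does not match certificate" >&2
        return 4
    fi
    echo "ok: $key matches $cert"
}

# Stand-alone use: sh check.sh <certificate> <private key>
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Running `apache2ctl configtest` afterwards covers syntax errors in the virtual host block itself, which this check does not look at.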
