
One IP Address and Wildcard Certificate for multiple Virtual Hosts (Windows, Apache 2.4.2, OpenSSL 1.0.2e)

I have searched and searched but I cannot find a solution to my issue, so apologies if this sounds familiar, but I am at a loss.

I have:

  • Windows environment
  • Apache 2.4.2
  • OpenSSL 1.0.2e
  • one IP address (development box: 127.0.0.1)
  • multiple virtual hosts (www.site.co.uk, sub.site.co.uk, etc.)
  • Genuine domain validated wildcard certificate from Comodo

I need to use the wildcard certificate for all of my virtual hosts.

All the sites work fine when using the standard http over port 80.

When I enable httpd-ssl.conf, I start to get into trouble.

I have seen and tried several examples of httpd-ssl.conf configurations, but all result in intermittent connection failures, i.e. Firefox: "Secure Connection Failed", IE11: "This page cannot be displayed". However, if I refresh the page (in each browser) the page displays and I can see that the certificate is valid.

From what I've read, it points to incorrect configuration of httpd-ssl.conf, but I've tried the Mozilla SSL Configuration Generator (https://mozilla.github.io/server-side-tls/ssl-config-generator/) and many Stack Overflow answers, but still no joy.

This is my current httpd-ssl.conf file:

Listen  443 https

SSLStrictSNIVHostCheck off

SSLPassPhraseDialog builtin
SSLSessionCache     "shmcb:C:/Apache2.4/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLProtocol         All -SSLv2 -SSLv3 
SSLCipherSuite      ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

<VirtualHost 127.0.0.1:443>
    ServerName  www.site.co.uk
    ServerAlias www.site.co.uk
    DocumentRoot    C:\WebServer\Apache2.4\htdocs\www.site.co.uk

    SSLEngine On
    SSLCertificateFile "C:\WebServer\Apache2.4\conf\extra\ssl\site_wildcard.crt"
    SSLCertificateKeyFile "C:\WebServer\Apache2.4\conf\extra\ssl\site_wildcard.key"
    SSLCertificateChainFile "C:\WebServer\Apache2.4\conf\extra\ssl\site_wildcard.ca-bundle"
</VirtualHost>

<VirtualHost 127.0.0.1:443>
    ServerName  sub.site.co.uk
    ServerAlias sub.site.co.uk
    DocumentRoot    C:\WebServer\Apache2.4\htdocs\sub.site.co.uk
</VirtualHost>

After a lot of testing, my original comment did not solve the problem.

The certificate was configured correctly.

When running tests, on websites like ssllabs.com, the protocol and handshake results would randomly differ, even though no configuration change had taken place.

Testing/verifying with OpenSSL sporadically produced the correct result, but the majority of the time resulted in:

ssl handshake failed

It turns out the culprit was that I had this in my httpd.conf file:

AcceptFilter https none

After commenting it out, it solved the problem:

#AcceptFilter https none
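Two checks for the setup in the question, added here as an example that is not part of the question or of the answer above. The first confirms that the wildcard name on the certificate actually covers each ServerName (a single-label wildcard such as *.site.co.uk covers www.site.co.uk and sub.site.co.uk, but not site.co.uk itself or a.b.site.co.uk). The second repeats the OpenSSL handshake test the answer describes, once per vhost via SNI, N times, and tallies the outcomes, so an intermittent failure like the AcceptFilter one shows up as a failure rate instead of a lucky browser refresh. It assumes a POSIX shell (Git Bash or WSL on Windows) with openssl on PATH; 127.0.0.1:443, the two hostnames, the wildcard name and the CA-bundle filename are assumptions taken from the question's config, and the sample s_client outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed values: 127.0.0.1:443,
# www.site.co.uk / sub.site.co.uk, the wildcard *.site.co.uk and the
# CA-bundle file name; adjust them to your own vhosts.

# Does a certificate name (plain or wildcard) cover HOST?
# A "*" matches exactly one leftmost label (RFC 6125 style), so
# *.site.co.uk covers www.site.co.uk but not site.co.uk or a.b.site.co.uk.
wildcard_covers() {
    pattern=$1; host=$2
    case $pattern in
        \*.*) suffix=${pattern#\*.} ;;
        *)    [ "$pattern" = "$host" ]; return ;;
    esac
    case $host in
        *.$suffix)
            label=${host%.$suffix}
            case $label in
                ""|*.*) return 1 ;;   # empty label, or more than one label
                *)      return 0 ;;
            esac ;;
        *) return 1 ;;
    esac
}

# Classify one captured "openssl s_client" output: prints ok / untrusted / fail.
# "no peer certificate available" is tested first because s_client still
# prints "Verify return code: 0 (ok)" when the handshake never completed.
classify_probe() {
    case $1 in
        *"no peer certificate available"*|*"handshake failure"*|*"errno="*) echo fail ;;
        *"Verify return code: 0 (ok)"*) echo ok ;;
        *"Verify return code:"*)        echo untrusted ;;
        *)                              echo fail ;;
    esac
}

# One handshake attempt against HOST:PORT announcing SNI name; -servername is
# what makes Apache pick the name-based vhost, -CAfile is the bundle to verify
# the chain against. Prints the raw s_client output.
probe_once() {
    host=$1; port=$2; sni=$3; cafile=$4
    openssl s_client -connect "$host:$port" -servername "$sni" -CAfile "$cafile" </dev/null 2>&1
}

# Run N probes for each SNI name given and print a per-name tally.
probe_loop() {
    host=$1; port=$2; cafile=$3; n=$4; shift 4
    for sni in "$@"; do
        ok=0; untrusted=0; fail=0; i=0
        while [ "$i" -lt "$n" ]; do
            case $(classify_probe "$(probe_once "$host" "$port" "$sni" "$cafile")") in
                ok)        ok=$((ok+1)) ;;
                untrusted) untrusted=$((untrusted+1)) ;;
                *)         fail=$((fail+1)) ;;
            esac
            i=$((i+1))
        done
        printf '%s: ok=%d untrusted=%d fail=%d\n' "$sni" "$ok" "$untrusted" "$fail"
    done
}

# Constructed, abbreviated s_client outputs used to exercise classify_probe.
SAMPLE_OK='CONNECTED(00000003)
depth=0 CN = *.site.co.uk
verify return:1
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Verify return code: 0 (ok)'
SAMPLE_FAIL='CONNECTED(00000003)
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)'
SAMPLE_UNTRUSTED='CONNECTED(00000003)
depth=0 CN = *.site.co.uk
verify error:num=21:unable to verify the first certificate
---
Verify return code: 21 (unable to verify the first certificate)'

# Live run against a real server: PROBE_RUN=1 sh probe.sh
if [ "${PROBE_RUN:-0}" = 1 ]; then
    for name in www.site.co.uk sub.site.co.uk; do
        wildcard_covers '*.site.co.uk' "$name" || echo "WARNING: *.site.co.uk does not cover $name"
    done
    probe_loop 127.0.0.1 443 site_wildcard.ca-bundle 20 www.site.co.uk sub.site.co.uk
fi
```

The s_client invocation is the same from cmd.exe with OpenSSL 1.0.2's openssl.exe, so a single probe can be typed there directly; the loop only adds the counting. Without -servername the client tests the first <VirtualHost> on that address, not the one named, so a clean result for www.site.co.uk says nothing about sub.site.co.uk. A tally that is mostly "fail" with the occasional "ok", as the answer describes, points at the listener or accept path rather than the certificate; a steady "untrusted" points at the chain file instead.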
