Saturday, August 8, 2015

ssl - Configure Apache To Return Nothing For Default 443 VHost

I have several vhosts on port 443, and each of these vhosts has the ServerName config option set and also the correct SSLCertificateFile and SSLCertificateKeyFile values, which vary depending on the vhost. This all works fine.



The issue is that if someone accesses the server using an address that doesn't match any of the ServerName values, then I think it uses the first one by default. I don't want it to do this. Instead I would like it to return nothing. At the moment it will try and load one of the other vhosts on port 443 instead, and as a result a certificate error message is thrown up in the browser because the address on the certificate doesn't match, which makes sense.



Is this possible?




For the same scenario for non-https connections on port 80 it's simple. I just create another vhost with the ServerName option not specified, and this becomes the default, and then I can have this show a 404. When I try to do the exact same thing and create an entry for port 443 without the ServerName property set, I can't start Apache and this is what is in the error.log file:



[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)



Anyone know if what I'm trying to do is possible?



E.g. let's say at the moment I have 2 vhosts on port 443 with the correct config pointing to the correct certificates, one being site1.com and the other being site2.com. Anyone can go to either of those 2 sites in their browser and everything works fine. However, if someone goes to site3.com (and its A record points to the same IP as the server as well), then Apache appears to presume that they want the vhost corresponding to site1.com and serves that, which I don't want. Instead I would want Apache to send no data for a request to site3.com. How can I achieve this?



Thanks!
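One way to build the catch-all on port 443, as an added example that is not part of the original question and not an answer posted on this page: Apache treats the first VirtualHost defined for an address:port pair as the default for that pair when neither ServerName nor ServerAlias matches the requested name, and mod_ssl refuses to start an SSL-enabled vhost that has no certificate (the "Server should be SSL-aware but has no certificate configured" error quoted above). So the catch-all goes first, carries its own certificate (a self-signed one is assumed here, since no name will ever match it anyway), and answers every path with a bare 404. The certificate paths, DocumentRoot and site names are assumptions. Note that this does not suppress the TLS handshake itself: a browser visiting site3.com still completes the handshake against the catch-all certificate and shows a name-mismatch warning, but it never reaches site1.com's content.

```apache
# Catch-all for unmatched names on port 443.
# It MUST be the first *:443 vhost in the configuration, because httpd uses
# the first vhost defined for an address:port pair as the default when no
# ServerName/ServerAlias matches. (Apache 2.2 additionally needs
# "NameVirtualHost *:443" above this block; 2.4 does not.)
<VirtualHost *:443>
    # Deliberately no ServerName: nothing is matched to it by name, so it is
    # only ever selected as the default.
    SSLEngine on
    # mod_ssl will not start an SSL vhost without a certificate; this is the
    # error from the question. Paths are assumptions; a self-signed
    # certificate is sufficient because no client will ever have a matching
    # name for it.
    SSLCertificateFile    /etc/ssl/certs/catchall-selfsigned.pem
    SSLCertificateKeyFile /etc/ssl/private/catchall-selfsigned.key

    # Answer every request path with a plain 404 (mod_alias Redirect with a
    # non-3xx status takes no target URL; "/" matches every path).
    Redirect 404 /
    # Keep the default error page from advertising version details.
    ServerSignature Off
</VirtualHost>

# Real sites follow and are chosen by SNI / Host header as before.
<VirtualHost *:443>
    ServerName site1.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/site1.com.pem
    SSLCertificateKeyFile /etc/ssl/private/site1.com.key
    DocumentRoot /var/www/site1
</VirtualHost>

<VirtualHost *:443>
    ServerName site2.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/site2.com.pem
    SSLCertificateKeyFile /etc/ssl/private/site2.com.key
    DocumentRoot /var/www/site2
</VirtualHost>
```

To check the result without touching DNS, point curl at the server's address while sending the unmatched name, e.g. `curl -k -I --resolve site3.com:443:<server-ip> https://site3.com/`: the response should be `404 Not Found` with the catch-all's certificate, while the same command with site1.com still returns that site's normal page and certificate. `apachectl -S` lists the vhosts in the order httpd resolved them and shows which one is the default for *:443.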
