Monday, January 16, 2017

linux - Configuring SSL hosts to be able to access HTTP / HTTPS on multiple domains?

I'm having trouble configuring multiple ssl hosts on my apache server (CentOS). Originally I thought the problem was only having one IP, so once this was discovered I asked our server provider to add another IP which they did.



However, I'm still having problems. We want to be able to have http & https access for both of our domains, domain1.com & domain2.com as well as having various subdomains.



I have the certificates, keys, intermediate certs on the machine (for both domains) and these appear to be fine.



The situation is that all the HTTP sites are working correctly, and the first SSL domain is working but when I try and visit the second domain over HTTPS I get a security error (says wrong certificate as is showing domain 1's cert!).




Also, the pages being served to domain2 are not the correct ones (i.e. not what the DocumentRoot says!). It appears as though it is defaulting to the first ssl config for all domains/ips.



Config Files:



This is an excerpt from httpd.conf
####
NameVirtualHost **.**.**.27:80


DocumentRoot /var/www/html/ADDIR

ServerName domain1.com
ErrorDocument 404 /var/www/html/404.html


# # There are other virtualhosts for other ServerNames & DocumentRoots too but they're otherwise identical to above. ###




NameVirtualHost **.**.**.41:80



DocumentRoot /var/www/html/SOC
ServerName domain2.com


# # #
This is an excerpt from ssl.conf



DocumentRoot "/var/www/html/ADDIR/"
ServerName domain1.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

#certificates

SSLCertificateFile /ssl/server.crt
SSLCertificateKeyFile /ssl/server.key
SSLCACertificateFile /ssl/intermediate.crt


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars



SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




SSLEngine On
SSLCertificateFile /ssl/SD/server.crt
SSLCertificateKeyFile /ssl/SD/server.key
SSLCACertificateFile /ssl/SD/intermediate.crt

ServerAdmin info@mydomain.com
ServerName domain2.com
DocumentRoot /var/www/html/SOC/
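
The symptom described in the question (the second domain's address presenting the first domain's certificate) can be confirmed per address with a check like the following, an added example that is not part of the original post. The helper names, the hostname-to-IP mapping and the sample certificate are assumptions constructed for illustration; `fetch_cert` expects certificates that chain to a trusted CA.

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the subject CN when there is no SAN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return [n.lower() for n in names]

def name_matches(hostname, pattern):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    hostname, pattern = hostname.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return hostname == pattern

def classify(hostname, cert, all_hosts):
    """'ok', or which other configured host's certificate was served."""
    names = cert_dns_names(cert)
    if any(name_matches(hostname, n) for n in names):
        return "ok"
    for other in all_hosts:
        if other != hostname and any(name_matches(other, n) for n in names):
            return "serves certificate of " + other
    return "mismatch: " + ", ".join(names)

def fetch_cert(ip, hostname, port=443, timeout=5):
    """Connect to ip, send hostname as SNI, return the validated cert dict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain still verified; classify() compares names
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def audit(targets, fetch=fetch_cert):
    """targets: {hostname: ip}. Returns {hostname: verdict}."""
    hosts = list(targets)
    return {h: classify(h, fetch(ip, h), hosts) for h, ip in targets.items()}

# Constructed sample shaped like getpeercert() output, reproducing the symptom.
SAMPLE_DOMAIN1_CERT = {
    "subject": ((("commonName", "domain1.com"),),),
    "subjectAltName": (("DNS", "domain1.com"), ("DNS", "www.domain1.com")),
}
```

Calling `audit` with each hostname mapped to the address it should be served from gives one verdict per site, so a vhost that falls through to the first SSL configuration is reported as serving the other domain's certificate.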
