Apache2 and multiple SSL configs and name based virtual hosting
Apache/2.0.55 DAV/2 PHP/5.0.4 mod_ssl/2.0.55 OpenSSL/0.9.7i
I have two virtual hosts that need SSL certs and I have them configured, but whichever one is listed is the one that sends out its cert and overrides the other SSL config. I have tried to place IfDefines around the two SSL virtual hosts but still a no go; I can't figure out how to separate them to keep the SSL certs from overlapping. Any ideas?

Above them is some related stuff, not necessarily in this order:

```
Listen 172.16.0.2:80
Listen 172.16.0.2:443
NameVirtualHost 172.16.0.2:80
NameVirtualHost 172.16.0.2:443
AcceptMutex flock
SSLProtocol all
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/opt/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex flock:/opt/apache2/logs/ssl_mutex
SSLRandomSeed startup builtin
```

Here's one of the two SSL vhosts; both are subdomains of two different domains.

```
<VirtualHost host.domain.org:443>
    # General setup for the virtual host
    DocumentRoot /opt/apache2/htdocs/host
    # ServerName has to match the server you entered into the CSR
    ServerName host.domain.org
    ServerAdmin webmaster@domain.org
    ErrorLog logs/host-error_log
    TransferLog logs/host-access_log

    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    SSLProtocol all
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Path to your certificates and private key
    SSLCertificateFile /opt/apache2/conf/ssl.crt/host.crt
    SSLCertificateKeyFile /opt/apache2/conf/ssl.key/host.key
    SSLCACertificateFile /opt/apache2/conf/ssl.crt/ca.crt

    <Files ~ "\.(cgi|shtml|phtml|php3?|php5?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory /opt/apache2/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    # correction for browsers that don't always handle SSL connections well
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
```
|
Are the hosts on different IP addresses? Apache supports only one SSL vhost for each IP address.
|
Ahh that was it, that's pretty dumb that you can only have one SSL per IP.
|
hmmm... no, not really. There is a reason for this limitation... it's not as if they just decided "hey, let's piss everyone off and make them use a unique IP".... ;)
|
apache..ssl vhost..one ip @
i know it has been a year since this question was asked.. maybe u knew it before now... anyway, |
apache version
did u mean like these warnings on apache server console?

```
[Thu Nov 02 06:10:22 2006] [warn] NameVirtualHost 192.168.2.2:443 has no VirtualHosts
[Thu Nov 02 06:10:22 2006] [warn] NameVirtualHost 192.168.2.2:443 has no VirtualHosts
```

if so, may i ask: does this affect the situation? i meant the security level? or the usual browser warning when moving from http to https? if so, u're absolutely right!
|
These are not SSL warnings. I guess falko meant that you get an SSL security warning in your browser that the domain of your SSL certificate does not match the domain of the vhost.
|
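An added example, not part of any post in the thread: a small Python check that finds SSL vhosts sharing one address:port with different certificates, which is the situation in the first post and the cause of the browser name-mismatch warning mentioned in the last. It assumes a server without SNI (as with the Apache 2.0.55 in the thread), compares `<VirtualHost>` addresses as literal strings, and runs on a constructed sample config; `host2.domain.net`, `other.domain.net`, `172.16.0.3` and the function names are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's setup (second and third vhosts are made up).
SAMPLE_CONF = """
<VirtualHost 172.16.0.2:443>
    ServerName host.domain.org
    SSLEngine on
    SSLCertificateFile /opt/apache2/conf/ssl.crt/host.crt
</VirtualHost>
<VirtualHost 172.16.0.2:443>
    ServerName host2.domain.net
    SSLEngine on
    SSLCertificateFile /opt/apache2/conf/ssl.crt/host2.crt
</VirtualHost>
<VirtualHost 172.16.0.3:443>
    ServerName other.domain.net
    SSLEngine on
    SSLCertificateFile /opt/apache2/conf/ssl.crt/other.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of an uncommented directive in a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def shadowed_ssl_vhosts(conf):
    """Map address:port -> SSL vhosts whose own certificate is never served.
    The cert is sent before the Host header arrives, so the first vhost wins.
    """
    by_addr = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            by_addr[addr.strip()].append(
                (directive(body, "ServerName"), directive(body, "SSLCertificateFile")))
    result = {}
    for addr, hosts in by_addr.items():
        shadowed = [name for name, cert in hosts[1:] if cert != hosts[0][1]]
        if shadowed:
            result[addr] = shadowed
    return result

if __name__ == "__main__":
    for addr, names in shadowed_ssl_vhosts(SAMPLE_CONF).items():
        print(f"{addr}: first vhost's cert is served; shadowed vhosts: {names}")
```

Clients connecting to a shadowed vhost receive the first vhost's certificate and get the name-mismatch warning; giving each SSL vhost its own IP address, as the second post says, clears the report.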