cedricdaking
Joined: 22 Apr 2014 Posts: 11 Location: PARIS
Posted: Wed 16 Jul '14 14:37 Post subject: Multiple virtual host on a RP doesnt send the right certif

Hello,
I'm using Apache as a reverse proxy. I have several sites with HTTP and everything is working fine.
For the first time I have tried to configure HTTPS on port 443 with a certificate. The problem is that it doesn't return to the browser the certificate that I have indicated in the "virtual host" but rather the default certificate of the site.
Here is my virtual host:
<VirtualHost *:443>
ServerName hygie.sante-idf.fr
SSLEngine on
SSLProtocol all
SSLCertificateFile "/root/apacherp/cert/hygiesslcertificate.cert"
SSLCACertificateFile "/root/apacherp/cert/hygieCAcertificate.cert"
SSLCertificateKeyFile "/root/apacherp/cert/hygieprivate.cert"
ProxyPass / http://XXXXXX/
ProxyPassReverse / http://XXXXXX/
</VirtualHost>
Everything is fine when I start and stop. I'm sure the entry is used. I have added:
NameVirtualHost *:443
But the certificate information isn't what I have entered, but the default values, I think.
Could someone help me?
httpd -v
Server version: Apache/2.2.3
Server built: Mar 4 2010 09:57:54
Cédric

jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Wed 16 Jul '14 16:03 Post subject:

Are you loading a second certificate, and where?
Do you use a httpd-ssl.conf?
Check both, and check if it is correct to use the "" for the paths (I am not sure if that's correct for Unix systems - for Windows systems you typically don't use it).
If there is a second certificate path in the httpd.conf, then you have to deactivate that one in the global parameter section.

cedricdaking
Joined: 22 Apr 2014 Posts: 11 Location: PARIS
Posted: Wed 16 Jul '14 16:20 Post subject:

Hello,
Thanks a lot for your help!
In fact I will use many certificates, because many web sites will come through this reverse proxy; therefore there will be one VirtualHost per site using its own certificate (corresponding to the server name).
This file is an include from the httpd.conf.
The ServerName is recognized, because the reversepass is used; only the certificate that is sent to the browser is the default SSL certificate, and not the one I'm using in the VirtualHost.
Regards

jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Thu 17 Jul '14 9:22 Post subject:

OK, let's sum it up:
1. You use a httpd-ssl.conf which is included in httpd.conf.
2. You probably use a httpd-vhosts.conf.
ad 1. The certificate path in there could be problematic!
ad 2. In the httpd-vhosts.conf you have the paths for your certificates. That's OK.
Is the loaded certificate on all websites always the "default SSL certificate" or just at this one website?

cedricdaking
Joined: 22 Apr 2014 Posts: 11 Location: PARIS
Posted: Thu 17 Jul '14 10:31 Post subject:

Hello,
Thank you for your help.
Yes, I'm using an ssl.conf which contains, you are right, the default certificates that are sent for all the websites.
I'm using a vhosts.conf and it seems, as far as I understand, that the certificates that I indicate there are not overriding the default certificate.
I don't know exactly what I should do to correct the situation.
Cédric

jraute
Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany
Posted: Thu 17 Jul '14 11:46 Post subject:

Please try to "disable" (comment out) the default certificate-path entries in the ssl.conf and test again.

cedricdaking
Joined: 22 Apr 2014 Posts: 11 Location: PARIS
Posted: Fri 18 Jul '14 14:38 Post subject:

Hello,
Thanks a lot for your help, I have done what you suggested.
I removed the default value with the certificate, and set it as a vhost in the vhost file. In fact what I have noticed is that for SSL connections the server sends the first certificate file that it finds in the vhosts file, not the one that corresponds to the ServerName.
I have this in my vhosts:
NameVirtualHost *:443
<VirtualHost *:443>
ServerName serveurname1
SSLEngine on
SSLProtocol all
SSLCertificateFile "/root/apacherp/cert/hygiesslcertificate.cert"
SSLCACertificateFile "/root/apacherp/cert/hygieCAcertificate.cert"
SSLCertificateKeyFile "/root/apacherp/cert/hygieprivate.cert"
ProxyPass / http://XXXXXX/
ProxyPassReverse / http://XXXXX/
</VirtualHost>
<VirtualHost *:443>
ServerName serveurname2
SSLEngine on
SSLProtocol all
SSLCertificateFile "/root/apacherp/cert/hygiesslcertificate2.cert"
SSLCACertificateFile "/root/apacherp/cert/hygieCAcertificate2.cert"
SSLCertificateKeyFile "/root/apacherp/cert/hygieprivate2.cert"
ProxyPass / http://YYYYY/
ProxyPassReverse / http://YYYY/
</VirtualHost>
The ProxyPass and ProxyPassReverse entries are correctly used by the ServerName, but it is like the certificates that are sent are from the first entry.
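The behaviour reported in the last post (the first certificate in the vhosts file is served for every name) is what name-based SSL virtual hosts do when the server does not select the vhost by SNI; httpd gained SNI support in 2.2.12, and the version shown in the first post is 2.2.3. The Python sketch below is an added example, not part of the thread: it parses a vhosts file and lists each ServerName whose own certificate would never be presented under that behaviour. The sample config is constructed from the two vhosts posted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the two vhosts from the post above, reduced to the
# directives that matter for certificate selection.
SAMPLE_VHOSTS = """\
NameVirtualHost *:443
<VirtualHost *:443>
ServerName serveurname1
SSLEngine on
SSLCertificateFile "/root/apacherp/cert/hygiesslcertificate.cert"
</VirtualHost>
<VirtualHost *:443>
ServerName serveurname2
SSLEngine on
SSLCertificateFile "/root/apacherp/cert/hygiesslcertificate2.cert"
</VirtualHost>
"""

def parse_vhosts(text):
    """Return [(listen_addr, server_name, cert_file)] in file order."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "name": None, "cert": None}
        elif re.match(r"</VirtualHost>", line, re.I) and current:
            vhosts.append((current["addr"], current["name"], current["cert"]))
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            if len(parts) == 2:
                key, value = parts[0].lower(), parts[1].strip().strip('"')
                if key == "servername":
                    current["name"] = value
                elif key == "sslcertificatefile":
                    current["cert"] = value
    return vhosts

def cert_mismatches(text):
    """Assumption: no SNI, so the first SSL vhost on an address:port supplies
    the certificate for every name on it. Returns (name, configured, served)."""
    first_cert, shadowed = {}, []
    for addr, name, cert in parse_vhosts(text):
        if cert is None:          # vhost without its own certificate
            continue
        served = first_cert.setdefault(addr, cert)
        if served != cert:
            shadowed.append((name, cert, served))
    return shadowed
```

Each tuple returned by `cert_mismatches` names a site that browsers would reach with another site's certificate unless the server selects by SNI or the vhost gets its own IP address or port.
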
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg