  1. #1
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    2

    Two SSL certificates on one server (each with their own IP)

    I've recently been assigned the wonderful task of implementing a second SSL certificate on our server. According to my research, the best way to accomplish this was by using IP-based virtual hosts, as opposed to name-based virtual hosts.

    So essentially I have two domain names, each requiring their own certificate. To accomplish this, each domain name is resolved to an external IP by our DNS servers, and in turn, those IPs are resolved to specific internal IPs by our firewall (I'm no expert when it comes to that last part, but that's how my network people explained it to me).

    So:

    Domain Name 1 - external IP of 205.xxx.xxx.10 - internal IP of 142.x.xx.10
    Domain Name 2 - external IP of 205.xxx.xxx.11 - internal IP of 142.x.xx.11

    Below are parts of the virtual servers I created in my Apache config file:

    Code:
    <VirtualHost 142.x.xx.10:443>
    
    #   General setup for the virtual host
    DocumentRoot "E:/web/inter-ssl/htdocs"
    ServerName   theserver.ourdomain.com:443
    ServerAdmin  first.last@ourdomain.com
    ErrorLog     logs/inter-ssl-error.log
    CustomLog    logs/inter-ssl-access.log common
    SSLCertificateFile conf/ssl/domain1.crt
    SSLCertificateKeyFile conf/ssl/domain1.key
    SSLCACertificateFile conf/ssl/ssl_ca.crt
    
    
    </VirtualHost>
    Code:
    <VirtualHost 142.x.xx.11:443>
    
    #   General setup for the virtual host
    DocumentRoot "E:/web/inter-ssl/htdocs"
    ServerName   theserver.ourdomain.com:443
    ServerAdmin  first.last@ourdomain.com
    ErrorLog     logs/inter-ssl-error.log
    CustomLog    logs/inter-ssl-access.log common
    SSLCertificateFile conf/ssl/domain2.crt
    SSLCertificateKeyFile conf/ssl/domain2.key
    SSLCACertificateFile conf/ssl/ssl_ca.crt
    
    
    </VirtualHost>
    If I use the browser to hit Domain 1, there are no problems whatsoever. However, if I do the same with Domain 2, I get the following warning:

    You attempted to reach <Domain 2>, but instead you actually reached a server identifying itself as <Domain 1>.

    Does anyone know why this is happening? I've tried pinging the domain names and they are resolving to the proper IP addresses, so that is not the problem.

    Thanks in advance for your help!

    PS: I apologize for the cryptic domain names and IP addresses, but the organization I work for can be strict with that kind of stuff.

  2. #2
    dklynn (Certified Ethical Hacker)
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    hf,

    The server names should be their ONLINE domain names, not the same theserver.ourdomain.com for BOTH! Also, the :443 is already in the VirtualHost definition. Treat these as separate domains as that's what they are.

    Regards

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    2
    DK,

    Thank you so much for your help. What you suggested did the trick!
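
The misconfiguration diagnosed in reply #2, as an added example (not code from either poster): a small Python check that parses `<VirtualHost>` blocks and flags a ServerName reused by vhosts that load different certificates, as well as a port in ServerName that repeats the one in the VirtualHost address. The sample config is constructed from the thread's two blocks, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's two vhosts, trimmed to the relevant directives.
SAMPLE_CONF = """
<VirtualHost 142.x.xx.10:443>
ServerName   theserver.ourdomain.com:443
SSLCertificateFile conf/ssl/domain1.crt
</VirtualHost>
<VirtualHost 142.x.xx.11:443>
ServerName   theserver.ourdomain.com:443
SSLCertificateFile conf/ssl/domain2.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first value of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def parse_vhosts(conf):
    """Yield (listen_address, ServerName, SSLCertificateFile) per <VirtualHost>."""
    for addr, body in VHOST_RE.findall(conf):
        yield (addr.strip(), directive(body, "ServerName"),
               directive(body, "SSLCertificateFile"))

def lint(conf):
    """Return a list of findings for the ServerName mistakes discussed in the thread."""
    findings = []
    by_name = defaultdict(list)
    for addr, name, cert in parse_vhosts(conf):
        if name is None:
            findings.append(f"{addr}: no ServerName set")
            continue
        host, _, port = name.partition(":")
        if port and addr.endswith(":" + port):
            findings.append(f"{addr}: ':{port}' in ServerName repeats the VirtualHost port")
        by_name[host.lower()].append((addr, cert))
    for host, uses in by_name.items():
        # Same name on several vhosts is only a problem when the certificates differ.
        if len({cert for _, cert in uses}) > 1:
            addrs = ", ".join(a for a, _ in uses)
            findings.append(f"ServerName {host} shared by {addrs} with different certificates")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)))
```

Run against the posted configuration it reports both points DK raised; once each vhost carries its own domain name as ServerName, it reports nothing.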

