ssl config problem



I'm trying to set up two virtual ssl websites on Apache2. When I go the the
first site, it returns the proper cert and everything works as expected. But,
when I go to the second site it returns the cert from the first site even
though a different set of certs is specified in ssl.conf. If I comment out
the first site, the second site works correctly. I've been all through the
docs on apache.org and I can't figure out what I'm doing wrong.

Here's the ssl.conf:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<IfDefine SSL>

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex

###################################################

NameVirtualHost *:443

<VirtualHost *:443>
DocumentRoot "/usr/local/www/secure/alaskaparadise"
ServerName secure.alaskaparadise.com
ServerAdmin akbeech@xxxxxxxxxxxxxxxxxx
ErrorLog /usr/home/akparadise/log/secure-error.log
TransferLog /usr/home/akparadise/log/secure-access.log

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:
+eNULL
SSLCertificateFile /usr/local/etc/apache2/ssl.crt/secure.alaskaparadise.com.crt
SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/secure.alaskaparadise.com.key

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd-ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "/usr/local/www/secure/akherb"
ServerName secure.akherb.com
ServerAdmin akherb@xxxxxxxxxx
ErrorLog /usr/home/akherb/log/secure-error.log
TransferLog /usr/home/akherb/log/secure-access.log

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:
+eNULL
SSLCertificateFile /usr/local/etc/apache2/ssl.crt/secure.akherb.com.crt
SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/secure.akherb.com.key

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd-ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>

Any help would be appreciated,

Beech
--

---------------------------------------------------------------------------------------
Beech Rintoul - Sys. Administrator - akbeech@xxxxxxxxxxxxxxxxxx
/"\ ASCII Ribbon Campaign | Alaska Paradise Travel
\ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310
X - NO Word docs in e-mail | Anchorage, AK 99501
/ \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
---------------------------------------------------------------------------------------











Attachment:pgpHANvgH1mEI.pgp
Description: PGP signature



Relevant Pages

  • Re: SBS R2 and Windows Mobile device
    ...  Have you copied the SBS self signed cert from a workstation to the root of the WM device? ...   Hello, ... device seems to use the OWA interface and I'm able to login from a PC ... explain what needs to be done with the cert. ...
    (microsoft.public.windows.server.sbs)
  • Re: exceptions.TypeError an integer is required
    ...     try: ... As soon as I cast it to an int, I was able to get past that issue. ... Still not able to post because I am getting a bad cert error. ...
    (comp.lang.python)
  • Re: bad certificate error
    ...  Self signed certificate? ... Domain mismatch? ... Save my PKI cert to disk. ...
    (comp.lang.python)
  • Re: multiple certificates
    ... > The certificate you get accessing the second site is from ... > the first site. ... > I restarted IIS and the problem stays the same! ... >>url and the cert common name not matching. ...
    (microsoft.public.inetserver.iis.security)
  • Re: multiple certificates
    ... When you deploy second cert, ... difffernt IP or ports? ... > certificate and that worked OK. ... > the warning and it was the certificate for the first site. ...
    (microsoft.public.inetserver.iis.security)