Name based virtual hosts with SSL on Apache 2.2.3/CentOS 5.9

Hi, I'm trying to serve one site with two subdomains, and both subdomains should be under SSL. I've purchased a wildcard SSL certificate and have it installed. In my vhosts file I have 5 definitions: www (80), app (80/443), and staging (80/443). All of the subdomains work under port 80.

Here's a snippet of my vhosts.conf file:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
  ServerAdmin support@---
  ServerName app.---
  DocumentRoot /var/www/vhosts/---/app/www/
  ErrorLog /var/www/vhosts/---/app/log/error.log

  <Directory "/var/www/vhosts/---/app/www">
    Options Indexes FollowSymLinks
    AllowOverride All
  </Directory>
</VirtualHost>

<VirtualHost *:443>
  ServerAdmin support@---
  ServerName app.---
  DocumentRoot /var/www/vhosts/---/app/www/
  ErrorLog /var/www/vhosts/---/app/log/ssl.log

  SSLEngine ON
  SSLCertificateFile /etc/httpd/conf.d/ssl/---/ssl.crt
  SSLCertificateKeyFile /etc/httpd/conf.d/ssl/---/ssl.key
  SSLCertificateChainFile /etc/httpd/conf.d/ssl/---/intermediate.crt

  <Directory "/var/www/vhosts/---/app/www">
    Options Indexes FollowSymLinks
    AllowOverride All
  </Directory>
</VirtualHost>

<VirtualHost *:80>
  ServerAdmin support@---
  ServerName staging.---
  DocumentRoot /var/www/vhosts/---/staging/www/
  ErrorLog /var/www/vhosts/---/staging/log/error.log

  <Directory "/var/www/vhosts/---/staging/www">
    Options Indexes FollowSymLinks
    AllowOverride All
  </Directory>
</VirtualHost>

<VirtualHost *:443>
  ServerAdmin support@---
  ServerName staging.---
  DocumentRoot /var/www/vhosts/---/staging/www/
  ErrorLog /var/www/vhosts/---/staging/log/ssl.log

  SSLEngine ON
  SSLCertificateFile /etc/httpd/conf.d/ssl/---/ssl.crt
  SSLCertificateKeyFile /etc/httpd/conf.d/ssl/---/ssl.key
  SSLCertificateChainFile /etc/httpd/conf.d/ssl/---/intermediate.crt

  <Directory "/var/www/vhosts/---/staging/www">
    Options Indexes FollowSymLinks
    AllowOverride All
  </Directory>
</VirtualHost>

If I change this line:

<VirtualHost *:443>

To:

<VirtualHost SERVER_IPADDRESS:443>

The first definition will work as expected and use the correct certificate. When I restart Apache I receive a message in the terminal stating there's a duplicate entry and only the first will be used.

With the conf as it is above I don't receive any errors or warnings in the terminal, but I have seen this in Apache's log:

[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!

From what I've read online that warning is expected and shouldn't be a problem.

Running configtest shows Syntax OK.

It seems the problem is named virtual hosts with SSL. I've checked 3 guides online and tried a variety of things (using *.domain.com as ServerName for both, app.domain.com as ServerAlias), subdomains as the directive (app.domain.com:443) but can't figure out the right combination to serve each subdomain under both 80 and 443 using only one IP address.

I know it's possible. Any ideas on what I'm missing?

Answers


Check the version of Apache you are using. It may be that your Apache is too old to support it. I think SNI was supported in Apache 2.2.12 and later.


The only solution I was able to find, which isn't a great one, was to rebuild on CentOS 6.4. The issue, as noted by Russ, is that the built-in Apache/OpenSSL do not support SNI. I managed to get OpenSSL upgraded in 5.9, but I was not able to build Apache with SNI. I compiled it using a guide that showed the flags to use, but it didn't work. That's not to say it can't be done, and I may have done it wrong; this was easier since it's for a new site and downtime isn't an issue.

Once the issue was corrected the warning in error_log changes to this:

[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

Thanks for the help!
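A way to spot this condition before a restart, as an added example that is not part of the original question or answers: the script groups SSL-enabled `<VirtualHost>` blocks by listen address and reports the names that depend on SNI for the given httpd version. The hostnames, the sample config and the function names are constructed for illustration, and the version check assumes httpd is linked against an OpenSSL build with TLS extension support.

```python
import re

# Constructed sample shaped like the question's vhosts.conf (placeholder hostnames).
SAMPLE_CONF = """\
<VirtualHost *:80>
  ServerName app.example.test
</VirtualHost>
<VirtualHost *:443>
  ServerName app.example.test
  SSLEngine ON
</VirtualHost>
<VirtualHost *:443>
  ServerName staging.example.test
  SSLEngine ON
</VirtualHost>
"""

SNI_MIN_HTTPD = (2, 2, 12)  # SNI support arrived in httpd 2.2.12


def ssl_vhost_groups(conf):
    """Map each <VirtualHost> address to its SSL-enabled ServerNames, in file order."""
    groups, addr, name, ssl = {}, None, None, False
    for raw in conf.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", raw.strip(), re.I)
        if opened:
            addr, name, ssl = opened.group(1).strip(), None, False
        elif parts[0].lower() == "</virtualhost>" and addr:
            if ssl:
                groups.setdefault(addr, []).append(name)
            addr = None
        elif addr and len(parts) > 1:
            if parts[0].lower() == "servername":
                name = parts[1]
            elif parts[0].lower() == "sslengine":
                ssl = parts[1].lower() == "on"
    return groups


def hosts_needing_sni(conf, httpd_version):
    """ServerNames whose own vhost cannot be selected during the TLS handshake."""
    # Assumption: at or above SNI_MIN_HTTPD, OpenSSL also has TLS extensions enabled.
    if tuple(httpd_version) >= SNI_MIN_HTTPD:
        return []
    return [n for names in ssl_vhost_groups(conf).values() for n in names[1:]]
```

Without SNI the server has no hostname at handshake time, so only the first SSL vhost on each address:port can be chosen there; every later name on that address is what the function returns.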

