I have a httpd.conf file with the following content.

```apache
<VirtualHost demo.mydomain.com:443>
DocumentRoot "/var/www/html/demo"
ServerName "demo"
SSLEngine on
SSLCertificateFile /etc/ssl/certs/demo.mydomain.com.crt
SSLCertificateKeyFile /etc/ssl/certs/demo.mydomain.com.key
SSLCACertificateFile /etc/ssl/certs/demo.mydomain.com.ca-bundle
</VirtualHost>
<VirtualHost pay.mydomain.com:443>
DocumentRoot "/var/www/html/pay"
ServerName "pay"
SSLEngine on
SSLCertificateFile /etc/ssl/certs/pay.mydomain.com.crt
SSLCertificateKeyFile /etc/ssl/certs/pay.mydomain.com.key
SSLCACertificateFile /etc/ssl/certs/pay.mydomain.com.ca-bundle
</VirtualHost>
```

When I check the domains with an SSL checker, everything looks fine. But the browser can only run the first one. The second one, pay.mydomain.com, gives an SSL error and the browser says NET::ERR_CERT_COMMON_NAME_INVALID.

If I remove the first one, pay.mydomain.com starts working. I have no idea what is going on and how I can solve this problem in this case.
2 Answers
Double-check the names that are in your certificates. Your VHosts are configured to respond to the names `pay` and `demo`, without any further domain. A proper CA would in all likelihood not issue certificates for those names at all.

That you can put a name in the initial `<VirtualHost>` instead of an IP or `*` is a bit misleading: it's equivalent to putting the corresponding IP there, but it doesn't make httpd map requests to that name to that VirtualHost block, and is discouraged.

So what I think you're seeing is that pay and demo have the same IP, you visit with the full domain name `pay.mydomain.com`, there is no matching `ServerName`, so the default (first) `VirtualHost` is selected. At that point, the connection fails because the certificate is only good for the name `demo.mydomain.com`. (I think httpd issues a warning on startup if you have certificates that do not match `ServerName`, but it's not a fatal error.)

Replace
with
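As an added illustration (not part of the question or the answer above), the script below mimics httpd's name-based selection over the question's two blocks: the first vhost whose ServerName or ServerAlias matches the requested name wins, otherwise the first vhost for that address is the default. It assumes, as the answer does, that both names resolve to the same IP, and the "fixed" configuration with full names in ServerName is a constructed example, not the answer's own text.

```python
import fnmatch
import re

# Constructed sample: the question's two vhosts (SSL lines omitted). Because the
# names in the <VirtualHost> line resolve to one IP, both blocks serve the same
# address and compete on ServerName/ServerAlias alone.
BROKEN_CONF = """
<VirtualHost demo.mydomain.com:443>
DocumentRoot "/var/www/html/demo"
ServerName "demo"
</VirtualHost>
<VirtualHost pay.mydomain.com:443>
DocumentRoot "/var/www/html/pay"
ServerName "pay"
</VirtualHost>
"""

# Constructed fix (hypothetical): the full host names the browser will send.
FIXED_CONF = (BROKEN_CONF
              .replace('ServerName "demo"', 'ServerName demo.mydomain.com')
              .replace('ServerName "pay"', 'ServerName pay.mydomain.com'))


def parse_vhosts(conf):
    """Return the vhosts in file order, each with its names and DocumentRoot."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S):
        vh = {"names": [], "root": None}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) != 2:
                continue
            key, val = parts[0].lower(), parts[1].strip().strip('"')
            if key == "servername":
                vh["names"].insert(0, val.lower())
            elif key == "serveralias":          # aliases may use * and ? wildcards
                vh["names"].extend(v.lower() for v in val.split())
            elif key == "documentroot":
                vh["root"] = val
        vhosts.append(vh)
    return vhosts


def select_vhost(conf, requested_name):
    """First vhost matching the SNI/Host name; with no match, the first (default) one."""
    vhosts = parse_vhosts(conf)
    name = requested_name.lower()
    for vh in vhosts:
        if any(fnmatch.fnmatchcase(name, pat) for pat in vh["names"]):
            return vh
    return vhosts[0]
```

With the question's configuration, a request for pay.mydomain.com lands in the demo vhost (and so gets the demo certificate); with full names in ServerName it lands in the pay vhost.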