I have a httpd.conf file with the following content.

<VirtualHost demo.mydomain.com:443>
        DocumentRoot "/var/www/html/demo"
        ServerName "demo"
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/demo.mydomain.com.crt
        SSLCertificateKeyFile /etc/ssl/certs/demo.mydomain.com.key
        SSLCACertificateFile /etc/ssl/certs/demo.mydomain.com.ca-bundle
</VirtualHost>
<VirtualHost pay.mydomain.com:443>
        DocumentRoot "/var/www/html/pay"
        ServerName "pay"
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/pay.mydomain.com.crt
        SSLCertificateKeyFile /etc/ssl/certs/pay.mydomain.com.key
        SSLCACertificateFile /etc/ssl/certs/pay.mydomain.com.ca-bundle
</VirtualHost>

When I check the domains with an SSL checker, everything looks fine. But the browser can run only the first one. The second one, pay.mydomain.com, gives an SSL error and the browser reports NET::ERR_CERT_COMMON_NAME_INVALID.

If I remove the first one, pay.mydomain.com starts working. I have no idea what is going on or how I can solve this problem.

2 Answers


  1. Double-check the names that are in your certificates. Your VHosts are configured to respond to the names pay and demo, without any further domain. A proper CA would in all likelihood not issue certificates for those names at all.

    That you can put a name in the initial <VirtualHost> instead of an IP or * is a bit misleading; it’s equivalent to putting the corresponding IP there, but it doesn’t make httpd map requests to that name to that VirtualHost block and is discouraged.

    So what I think you’re seeing is that pay and demo have the same IP, you visit with the full domain name pay.mydomain.com, there is no matching ServerName, so the default (first) VirtualHost is selected. At that point, the connection fails because the certificate is only good for the name demo.mydomain.com. (I think httpd issues a warning on startup if you have certificates that do not match ServerName, but it’s not a fatal error.)

  2. Replace

    <VirtualHost demo.mydomain.com:443>
            DocumentRoot "/var/www/html/demo"
            ServerName "demo"
    ...
    <VirtualHost pay.mydomain.com:443>
            DocumentRoot "/var/www/html/pay"
            ServerName "pay"
    ...
    

    with

    <VirtualHost *:443>
            DocumentRoot "/var/www/html/demo"
            ServerName demo.mydomain.com
    ...
    <VirtualHost *:443>
            DocumentRoot "/var/www/html/pay"
            ServerName pay.mydomain.com
    ...
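A simplified model of the selection behaviour described in answer 1, run against the question's config and the replacement from answer 2; this is an added example, not part of the original thread or httpd's own code. It assumes both names resolve to the same IP (as the answer supposes) and matches on ServerName only; the helper names and the trimmed config strings are constructed for illustration.

```python
import re

# Constructed input: the question's two blocks, trimmed to the relevant directives.
BROKEN = '''
<VirtualHost demo.mydomain.com:443>
    ServerName "demo"
    SSLCertificateFile /etc/ssl/certs/demo.mydomain.com.crt
</VirtualHost>
<VirtualHost pay.mydomain.com:443>
    ServerName "pay"
    SSLCertificateFile /etc/ssl/certs/pay.mydomain.com.crt
</VirtualHost>
'''
# Answer 2's change: wildcard address, fully qualified ServerName.
FIXED = re.sub(r'<VirtualHost \S+:443>', '<VirtualHost *:443>', BROKEN)
FIXED = re.sub(r'ServerName "(\w+)"', r'ServerName \1.mydomain.com', FIXED)

BLOCK = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive, with optional quotes stripped."""
    m = re.search(rf'^\s*{name}\s+"?([^"\s]+)"?', body, re.M | re.I)
    return m.group(1) if m else None

def parse_vhosts(conf):
    return [{"addr": addr.strip(),
             "name": (directive(body, "ServerName") or "").lower(),
             "cert": directive(body, "SSLCertificateFile")}
            for addr, body in BLOCK.findall(conf)]

def served_cert(conf, requested):
    """Certificate of the block chosen for `requested`; no match means the first block."""
    vhosts = parse_vhosts(conf)
    match = [vh for vh in vhosts if vh["name"] == requested.lower()]
    return (match or vhosts)[0]["cert"]

def audit(conf):
    """Flag hostname-style <VirtualHost> addresses and unqualified ServerName values."""
    findings = []
    for vh in parse_vhosts(conf):
        host = vh["addr"].rsplit(":", 1)[0]
        is_ip = re.fullmatch(r'[\d.]+', host) or host.startswith("[")
        if host != "*" and not is_ip:
            findings.append(f'{vh["addr"]}: hostname used as VirtualHost address')
        if "." not in vh["name"]:
            findings.append(f'{vh["addr"]}: ServerName "{vh["name"]}" is not fully qualified')
    return findings

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, served_cert(conf, "pay.mydomain.com"), audit(conf))
```

With the original blocks, a request for pay.mydomain.com falls through to the first block and gets the demo certificate; with answer 2's blocks it gets the pay certificate and the audit is empty.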