grblades

asked on

Apache SNI not working

I have a CentOS 6.9 machine with Apache 2.2.15 and OpenSSL 1.0.1e, which according to my research supports SNI.
I have "NameVirtualHost *:443" defined in the main httpd.conf file.

The divestyle certificate is a purchased one. The one for darksidediving was created using the letsencrypt certbot tool, and it created the additional configuration file for the darkside SSL config.

The issue I am having is that when I go to the darkside HTTPS page I get a certificate warning and, looking at it, I am being given the divestyle certificate instead of the darkside one. I tried the ssllabs tools just to make sure it was not my browser.

divestyle.conf
# live site
<VirtualHost *:80>
  ServerName www.divestyle.co.uk
  ServerAlias divestyle.co.uk
  DocumentRoot /var/www/htdocs
  <Directory "/var/www/htdocs">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

# live secure site
<VirtualHost *:443>
  ServerName www.divestyle.co.uk
  ServerAlias divestyle.co.uk
  DocumentRoot /var/www/htdocs
  SSLEngine on
  SSLProtocol All -SSLv3 -SSLv2
  SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH
  SSLCertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.crt
  SSLCertificateKeyFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.key
  SSLCACertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.int.crt
  <Directory "/var/www/htdocs">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>



darkside-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName darksidediving.co.uk
  ServerAlias www.darksidediving.co.uk
  DocumentRoot /var/www/www.darksidediving.co.uk
  <Directory "/var/www/www.darksidediving.co.uk">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/darksidediving.co.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/darksidediving.co.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/darksidediving.co.uk/chain.pem
</VirtualHost>
</IfModule>


ASKER CERTIFIED SOLUTION
David Favor

This solution is only available to members.

grblades

ASKER

I moved the Divestyle config file and restarted Apache and got a warning that there were no virtualhosts on port 443. Looking at the config certbot added, it was checking if mod_ssl.c was loaded, which was wrong. Fixed that and moved the Divestyle config back and it all works.
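
A simplified model of the failure described in this thread, added here as an example and not posted by either participant: it parses the port-443 vhosts, records any enclosing `<IfModule>` test, and shows which certificate a name receives when that test evaluates false. The names `ssl_vhosts`, `served_cert` and `passing_tests` are hypothetical, the sample config is constructed from the files in the question, and wildcard aliases and negated (`!`) tests are not modelled.

```python
import re

# Constructed sample: the two port-443 vhosts from the question, in the order
# Apache would read them (directives trimmed to the ones that matter here).
SAMPLE = """\
<VirtualHost *:443>
  ServerName www.divestyle.co.uk
  ServerAlias divestyle.co.uk
  SSLCertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.crt
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName darksidediving.co.uk
  ServerAlias www.darksidediving.co.uk
  SSLCertificateFile /etc/letsencrypt/live/darksidediving.co.uk/cert.pem
</VirtualHost>
</IfModule>
"""

def ssl_vhosts(conf_text):
    """Parse <VirtualHost ...:443> blocks, recording enclosing <IfModule> tests."""
    guards, vhosts, cur = [], [], None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        m = re.match(r"<(/?)(\w+)\s*([^>]*)>$", line)
        if m:
            closing, tag, arg = m.group(1), m.group(2).lower(), m.group(3).strip()
            if tag == "ifmodule" and closing:
                guards = guards[:-1]
            elif tag == "ifmodule":
                guards.append(arg)
            elif tag == "virtualhost" and closing and cur:
                vhosts.append(cur)
                cur = None
            elif tag == "virtualhost" and arg.endswith(":443"):
                cur = {"names": [], "cert": None, "guards": list(guards)}
        elif cur is not None and not line.startswith("#"):
            key, _, val = line.partition(" ")
            if key.lower() in ("servername", "serveralias"):
                cur["names"] += val.lower().split()
            elif key.lower() == "sslcertificatefile":
                cur["cert"] = val.strip()
    return vhosts

def served_cert(vhosts, sni_name, passing_tests):
    """Certificate chosen for sni_name when only passing_tests evaluate true."""
    live = [v for v in vhosts if all(g in passing_tests for g in v["guards"])]
    for v in live:
        if sni_name.lower() in v["names"]:
            return v["cert"]
    return live[0]["cert"] if live else None  # first vhost is the fallback
```

Any vhost that reports a non-empty `guards` list is one Apache drops without an error when the test fails, so its names fall through to the first remaining vhost on that port.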