grblades
asked on
Apache SNI not working
I have a Centos 6.9 machine with Apache 2.2.15 and OpenSSL 1.0.1e which according to my research supports SNI.
I have "NameVirtualHost *:443" defined in the main httpd.conf file.
The difestyle certificate is a purchased one. The one for darksidediving was created using the letsencrypt certbot tool and it created the additional configuration file for the darkside ssl config .
The issue I am having is that when I go to the darkside https page I get a certificate warning and looking at it I am being given the divestyle certificate instead of the darkside one. I tried the ssllabs tools just to make sure it was not my browser.
divestyle.conf
darkside-le-ssl.conf
I have "NameVirtualHost *:443" defined in the main httpd.conf file.
The difestyle certificate is a purchased one. The one for darksidediving was created using the letsencrypt certbot tool and it created the additional configuration file for the darkside ssl config .
The issue I am having is that when I go to the darkside https page I get a certificate warning and looking at it I am being given the divestyle certificate instead of the darkside one. I tried the ssllabs tools just to make sure it was not my browser.
divestyle.conf
# live site
<VirtualHost *:80>
ServerName www.divestyle.co.uk
ServerAlias divestyle.co.uk
DocumentRoot /var/www/htdocs
<Directory "/var/www/htdocs">
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
# live secure site
<VirtualHost *:443>
ServerName www.divestyle.co.uk
ServerAlias divestyle.co.uk
DocumentRoot /var/www/htdocs
SSLEngine on
SSLProtocol All -SSLv3 -SSLv2
SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH
SSLCertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.int.crt
<Directory "/var/www/htdocs">
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
darkside-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName darksidediving.co.uk
ServerAlias www.darksidediving.co.uk
DocumentRoot /var/www/www.darksidediving.co.uk
<Directory "/var/www/www.darksidediving.co.uk">
AllowOverride all
Order allow,deny
Allow from all
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/darksidediving.co.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/darksidediving.co.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/darksidediving.co.uk/chain.pem
</VirtualHost>
</IfModule>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER