Understanding SSL (SNI) Configuration on apache

Asked 2 years ago, Updated 2 years ago, 121 views

Can I use a "hogehoge.com" certificate without a hostname when I use SSL with SNI?
You are currently registered in two domains.
1. domain1.com
2. www.domain2.com
At this time, "www.domain2.com" recognizes successfully, but "domain1.com" recognizes the previously loaded certificate and results in an error.
The environment is
httpd-2.2.15-39
openssl-1.0.1e-30
mod_ssl-2.2.15-39
Yes.
OS is centos 6.6 

LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb: /var/cache/mod_ssl/scache (512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file: /dev/urandom256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

NameVirtualHost*:443
SSLStrictSNIVHostCheckoff

<VirtualHost*:443>
    ServerName domain1.com:443
    DocumentRoot "/home/data/domain1.com/public_html"
    SSLEngine on
    SSLProtocol all-SSLv2-SSLv3
    SSLCipherSuite ALL: !ADH: !EXPORT: !SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile/home/config/ssl_key/domain1.com/server.crt
    SSLCertificateKeyFile/home/config/ssl_key/domain1.com/server.key
    SSLCACertificateFile/home/config/ssl_key/domain1.com/ca-bundle.crt
</VirtualHost>

<VirtualHost*:443>
    ServerName www.domain2.com:443
    DocumentRoot "/home/data/domain2.com/public_html"
    SSLEngine on
    SSLProtocol all-SSLv2-SSLv3
    SSLCipherSuite ALL: !ADH: !EXPORT: !SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile/home/config/ssl_key/www.domain2.com/server.crt
    SSLCertificateKeyFile/home/config/ssl_key/www.domain2.com/server.key
    SSLCACertificateFile/home/config/ssl_key/www.domain2.com/ca-bundle.crt
</VirtualHost>

apache ssl

2022-09-30 19:33

2 Answers

Would this article be helpful?

https://blog.apar.jp/linux/378/
http://e-garakuta.net/techinfo/doku.php/linux/apache-sni

SNIs don't seem to have any specific restrictions on hostnames, but there are a few things to keep in mind when using them.

  • Specify TLS extension options for OpenSSL
  • Build Apache Httpd using OpenSSL above
  • Not available unless the browser is SNI-enabled

Also, if possible, it may be clearer if you have installed an OS or an Apache HTTPD deployment, or if you have an httpd.conf or a conf file that you are referring to it.I hope it will be helpful.

2022-09-30 19:33

Only one certificate is valid because NameVirtualHost*:443 is not configured.Or is your browser not compatible?

If irtNameVirtualHost*:443 」 is not configured, dhttpd-t で displays the following error:

[warn]_default_VirtualHost overlap on port 443, the first has precedence

2022-09-30 19:33

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

547 Who developed the "avformat-59.dll" that comes with FFmpeg?

537 Uncaught (inpromise) Error on Electron: An object could not be cloned

642 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

980 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

709 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

© 2024 OneMinuteCode. All rights reserved.