We have been running ISPConfig 3.0.1.3 on a CentOS 5 machine for about 2-3 years without issues. Now we have to add another SSL certificate to one of the installed domains. There is already another domain with an SSL certificate, working without issues. The second cert is installed properly and the config looks fine. However, if we reach the domain via https, the wrong certificate is used. Is there a way to check whether Apache is compiled with SNI support? The config of each vhost is set to use the GIP and not just *:443.
According to Wikipedia, Apache 2.2.12 shall support it: http://en.wikipedia.org/wiki/Server_Name_Indication To find out the compile options of your Apache, try: httpd -V or httpd -h That should be ok. If Apache has SNI support, then * and IP will work for SNI. Just ensure that you don't mix them (one site with * and one site with an IP will redirect all traffic to the site with the IP).
Hello Till, thank you for your reply. The httpd -V worked, but it doesn't list any SNI support. I also checked it on another CentOS 6.5 machine where SNI is working and in use. There, too, no SNI support is listed by httpd -V. I have also checked the vhost config files for each domain. Everywhere the GIP is set. The thing I don't understand is that Apache seems to use the right 443 vhost config, but just not the right SSL certificate. Any other idea? Maik
Does the browser that you use support SNI? SNI support must exist on the client side as well as on the server side. The Wikipedia article lists the browsers that support SNI.
Yes, they do. It doesn't matter if I use the latest Firefox, IE, Chrome or Opera. Always the same effect. Below is the config of such a vhost, which doesn't work. The config is generated by ISPConfig.

    <IfModule mod_ssl.c>
    ###########################################################
    # SSL Vhost
    ###########################################################

    <VirtualHost 153.47.118.224:443>
        DocumentRoot /var/www/XXX.com/web

        ServerName XXX.com
        ServerAlias XXX.com *.XXX.com
        ServerAdmin [email protected]

        ErrorLog /var/log/ispconfig/httpd/XXX.com/error.log

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 503 /error/503.html

        SSLEngine on
        SSLCertificateFile /var/www/clients/client1/web9/ssl/XXX.com.crt
        SSLCertificateKeyFile /var/www/clients/client1/web9/ssl/XXX.com.key

        <Directory /var/www/XXX.com/web>
            Options FollowSymLinks
            AllowOverride Indexes AuthConfig Limit FileInfo
            Order allow,deny
            Allow from all

            # ssi enabled
            AddType text/html .shtml
            AddOutputFilter INCLUDES .shtml
            Options +Includes
        </Directory>
        <Directory /var/www/clients/client1/web9/web>
            Options FollowSymLinks
            AllowOverride Indexes AuthConfig Limit FileInfo
            Order allow,deny
            Allow from all

            # ssi enabled
            AddType text/html .shtml
            AddOutputFilter INCLUDES .shtml
            Options +Includes
        </Directory>

        # cgi enabled
        <Directory /var/www/clients/client1/web9/cgi-bin>
            Order allow,deny
            Allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /var/www/clients/client1/web9/cgi-bin/
        AddHandler cgi-script .cgi
        AddHandler cgi-script .pl

        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml

        # suexec enabled
        SuexecUserGroup web9 client1

        # mod_php enabled
        AddType application/x-httpd-php .php .php3 .php4 .php5
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
        php_admin_value upload_tmp_dir /var/www/clients/client1/web9/tmp
        php_admin_value session.save_path /var/www/clients/client1/web9/tmp
        #php_admin_value open_basedir /var/www/clients/client1/web9:/usr/share/php5
    </VirtualHost>
    </IfModule>
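An added example, not part of the thread and not ISPConfig code: a small audit of the two conditions discussed above, namely which certificate every SSL vhost on a shared address falls back to when SNI is not in effect, and whether `*:443` and `IP:443` vhosts are mixed. The sample config, host names, paths and the 192.0.2.10 address are constructed, and the parser assumes one address per `<VirtualHost>` tag.

```python
import re
from collections import OrderedDict

# Constructed sample config (names, paths and the 192.0.2.10 address are made up).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName first.example
    SSLCertificateFile /etc/ssl/first.example.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName second.example
    SSLCertificateFile /etc/ssl/second.example.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName third.example
    SSLCertificateFile /etc/ssl/third.example.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+(\S+?)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """First uncommented value of a directive inside one vhost body."""
    m = re.search(r"^[ \t]*" + re.escape(name) + r"[ \t]+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def parse_ssl_vhosts(conf):
    """(address, ServerName, SSLCertificateFile) for each :443 vhost, in file order."""
    return [(addr, directive(body, "ServerName"), directive(body, "SSLCertificateFile"))
            for addr, body in VHOST_RE.findall(conf) if addr.endswith(":443")]

def audit(conf):
    by_addr = OrderedDict()
    for addr, name, cert in parse_ssl_vhosts(conf):
        by_addr.setdefault(addr, []).append((name, cert))
    findings = []
    for addr, entries in by_addr.items():
        if len(entries) > 1:
            # Without SNI the handshake cannot name a host, so the first vhost
            # listed for this address supplies the certificate for all of them.
            findings.append(("fallback-cert", addr, entries[0][0], entries[0][1]))
    if "*:443" in by_addr and len(by_addr) > 1:
        # The more specific IP match wins, so the *:443 vhosts are never
        # selected for requests arriving on an explicitly configured IP.
        findings.append(("mixed-wildcard-and-ip", "*:443", None, None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

If the certificate a browser receives for the second domain matches the `fallback-cert` entry for its address, the server is picking the certificate before it knows the requested host name, which is the behaviour of a build without working SNI.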