Apache SNI: multiple SSL certificates on one IP address

Dan Pouliot · Jul 31, 2013 · Viewed 12.2k times

Today I'm trying to configure Apache to run two domains each with their own SSL certificate. From what I have read this is supported by SNI as long as my Apache is configured with a recent version of OpenSSL. I verified that it is:

[notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.7 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations

I thought I had successfully set up the second domain and certificate, but when I try to visit the second domain in Chrome I get the following error:

You attempted to reach example2.com, but instead you actually reached a server identifying itself as example1.com.

This post seems closest to my issue:

hosting multiple SSL certs on apache

but from what I can tell my server is already configured correctly (clearly it is not!)

I have the following directives in my conf file for example2.com:

ServerName  example2.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example2.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example2.com.key

It looks right to me. So why is Apache serving example1's cert when I visit example2?

Answer

Dan Pouliot · Aug 1, 2013

Turns out domain 1 was configured as:

<VirtualHost *:443>

I use Webmin, which only reveals that detail when you view the directive directly.

Changing * was part of the solution but introduced some other problems. I think I will punt and do IP-based SSL.
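
An added example, not part of the original question or answer: a small Python check for the kind of detail the answer says Webmin hid, namely the address argument of each SSL VirtualHost block. It flags SSL virtual hosts on one port that use different address arguments and, for Apache 2.2, ones with no matching NameVirtualHost line. The sample config, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config (not the asker's real files): example1 uses *:443,
# example2 uses a specific address, and there is no NameVirtualHost line.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName example1.com
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName example2.com
    SSLEngine on
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return (set of NameVirtualHost args, [(addr, ServerName, ssl_on), ...])."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # ignore commented-out lines
    nvh = set(re.findall(r"^\s*NameVirtualHost\s+(\S+)", conf, re.M | re.I))
    vhosts = []
    for m in re.finditer(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I):
        body = m.group(2)
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        ssl_on = bool(re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I))
        for addr in m.group(1).split():  # a block may list several addresses
            vhosts.append((addr, name.group(1) if name else None, ssl_on))
    return nvh, vhosts

def lint_sni(conf):
    """List findings that keep SSL vhosts from being selected together by name."""
    nvh, vhosts = parse_vhosts(conf)
    by_port, findings = defaultdict(set), []
    for addr, name, ssl_on in vhosts:
        if not ssl_on:
            continue
        by_port[addr.rsplit(":", 1)[-1]].add(addr)
        if addr not in nvh:  # Apache 2.2 needs an exact match; 2.4 does not
            findings.append(f"{name}: no 'NameVirtualHost {addr}' (needed on 2.2)")
    for port, addrs in sorted(by_port.items()):
        if len(addrs) > 1:
            findings.append(f"port {port}: mixed address specs {sorted(addrs)}")
    return findings

if __name__ == "__main__":
    for finding in lint_sni(SAMPLE_CONF):
        print(finding)
```

Running `apache2ctl -S` on the server prints how Apache itself parsed the virtual host addresses, which is a useful cross-check when a front end such as Webmin hides the raw directive.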