https and virtual hosts problem


on 06.05.2007 15:52:35 by egod

I have two sites running on my Apache2 server, acme.com & example.com

Acme.com has SSL enabled as it provides an https payment gateway.
Example.com is http only.

I have configured them as follows:


/etc/apache2/sites-enabled/acme

ServerName www.acme.com
ServerAlias acme.com
DocumentRoot /var/www/acme
ErrorLog /var/log/apache2/acme-error.log
CustomLog /var/log/apache2/acme-access.log combined


ServerName www.acme.com
ServerAlias acme.com
DocumentRoot /var/www/acme
ErrorLog /var/log/apache2/acme-error.log
CustomLog /var/log/apache2/acme-access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ssl.crt/www.acme.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key/www.acme.com.key


/etc/apache2/sites-enabled/example
NameVirtualHost www.example.com:80

ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/example
ErrorLog /var/log/apache2/example-error.log
CustomLog /var/log/apache2/example-access.log combined



http://www.acme.com - works fine
https://www.acme.com - works fine
http://www.example.com - works fine

https://www.example.com - redirects me to https://www.acme.com!
How do I avoid this happening?


Many thanks

Re: https and virtual hosts problem

on 06.05.2007 16:15:15 by unknown

Post removed (X-No-Archive: yes)

Re: https and virtual hosts problem

on 14.07.2007 15:52:59 by John Smith

Davide Bianchi wrote:
> On 2007-05-06, egod wrote:
>
>>http://www.acme.com - works fine
>>https://www.acme.com - works fine
>>http://www.example.com - works fine
>>
>>https://www.example.com - redirects me to https://www.acme.com!
>>How do I avoid this happening?
>
>
> You can define another SSL-enabled site for www.example.com and
> handle it there, but you will always receive a message that the
> certificate is for the wrong server. It is the way the https protocol
> works. Or you could use two different IP addresses for the two
> sites. That would take care of everything.
>
> Davide
>

The reason being that the https server doesn't know what the v1.1 http
header looks like until AFTER it has been unscrambled - which can only
be done within the defined virtual host - by which time it's too late.

You might like to experiment to find out, but I think the https server
is doing what it's doing because it's the ONLY secure server at that
address. The results look completely predictable to me.

I read recently somewhere in the Apache documentation that it's not
possible to create multiple virtual https hosts on the same machine
using the same port. So .. either buy another IP address .. or use
another port. If you want, I will try to locate the link for you.

Regards


Frederick

Re: https and virtual hosts problem

on 15.07.2007 06:45:40 by Jim Hayter

Frederick Smith wrote:


> The reason being that the https server doesn't know what the v1.1 http
> header looks like until AFTER it has been unscrambled - which can only
> be done within the defined virtual host - by which time it's too late.
>
> You might like to experiment to find out, but I think the https server
> is doing what it's doing because it's the ONLY secure server at that
> address. The results look completely predictable to me.
>
> I read recently somewhere in the Apache documentation that it's not
> possible to create multiple virtual https hosts on the same machine
> using the same port. So .. either buy another IP address .. or use
> another port. If you want, I will try to locate the link for you.
>

There is an exception to this. A wildcard certificate for *.domain.com
will enable you to do https for multiple virtual hosts on the same port.
This is because they all use the same certificate.

Jim

Re: https and virtual hosts problem

on 16.07.2007 00:20:29 by HansH

"Jim Hayter" wrote in message
news:139j9jl7ubok2dc@news.supernews.com...
>> I read recently somewhere in the Apache documentation that it's not
>> possible to create multiple virtual https hosts on the same machine
>> using the same port. So .. either buy another IP address .. or use
>> another port. If you want, I will try to locate the link for you.
>
> There is an exception to this. A wildcard certificate for *.domain.com
> will enable you to do https for multiple virtual hosts on the same port.
> This is because they all use the same certificate.
>
Given the domains www.acme.com and www.example.com, a wildcard certificate
won't do the trick.

OP may try his luck with SubjectAltName-support
http://wiki.cacert.org/wiki/VhostTaskForce
http://www.entrust.net/ssl-products.htm
http://issues.apache.org/bugzilla/show_bug.cgi?id=34607

Might need to use mod_gnutls instead of mod_ssl.
Might need to merge all sites into a single virtual host, by using a server
alias for each one, and revirtualize them by other means than Apache
vhosting ...

HansH
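
The certificate-coverage question raised in this thread, as an added example that is not part of any poster's message: a single certificate served on one IP:443 has to cover every hostname answered there, so this compares a single-name, a wildcard and a SubjectAltName certificate against the thread's four hostnames. The certificate name lists are constructed for illustration, and the function names are hypothetical.

```python
# Added example: which of the thread's hostnames a certificate covers.
# Certificate name lists below are constructed, not taken from real certs.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label (the usual RFC 6125 rule).
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require two fixed labels so a pattern like "*.com" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(cert_names, vhosts):
    """Return the vhost names that no name in the certificate covers."""
    return [h for h in vhosts
            if not any(name_matches(n, h) for n in cert_names)]


# Every name the shared HTTPS listener would have to answer for.
VHOSTS = ["www.acme.com", "acme.com", "www.example.com", "example.com"]

# Constructed certificates, described only by their DNS names.
CERTS = {
    "single-name": ["www.acme.com"],
    "wildcard": ["*.acme.com"],
    "subjectAltName": ["www.acme.com", "acme.com",
                       "www.example.com", "example.com"],
}


def report():
    """Map each certificate label to the hostnames it fails to cover."""
    return {label: uncovered(names, VHOSTS) for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:15} uncovered: {missing or 'none'}")
```

Any hostname listed as uncovered is one where a browser would show the wrong-server certificate warning described earlier in the thread.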