OK...got most of what I needed working on the HTTP server once I
updated PHP, so I added back my SSL certs through DCM. I have 6
vhosts, 3 of which use SSL. These all worked on my 7.2 box. I grabbed
the http.conf files because it worked so well and I didn't want to lose
the config that worked. It no longer does.
What I discovered a few years back that if you want to use SSL in
virtual host configurations, the secret was using these directives (in
my reverse proxy):
<VirtualHost *:443>
ServerName www.website.com
ServerAlias website.com
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_WEBSITE (From SSL config and assigning
certificate to application)
SSLProtocolDisable SSLv2 SSLv3
SSLServerCert "website" (Actual name of certificate label in DCM)
ProxyPreserveHost on
ProxyPass /
http://10.0.10.206:5080/
ProxyPassReverse /
http://10.0.10.206:5080/
</VirtualHost>
So, I have three of these and they have identical formats except for the
names and the proxy redirects. So, the SSL is fine on website 1. I get
a "Your connection is not private" error on website 2 because it picks
up the cert from website 1. Website 3 is fine.
So, I thought maybe there is something wrong with the certificate. So I
swapped website 1 and 2 in the listing order. Now the original 2nd
website is listed first. Now the "website 2" that is the first vhost
entry is fine but number 1 is in error, complaining this time the
certificate for website 2 (listed first now) is incorrect. It doesn't
seem to be honoring the SSLAppName or SSLServerCert on the second vhost.
Website 3 is still fine.
It is only those two SSL virtual hosts that have this issue. AND, they
were working before. The third website works fine regardless of the
order the virtual host entries are in. Weirder still, even if I get the
error on the cert on the website, I can go to
https://www.ssllabs.com
and test the certificate and it returns the correct certificate for the
correct website and an "A" rating.
Anyone seen this before? I am stumped.....
midrange.com
