OK...got most of what I needed working on the HTTP server  once I updated PHP, so I added back my SSL certs through DCM.   I have 6 vhosts, 3 of which use SSL.  These all worked on my 7.2 box. I grabbed the http.conf files because it worked so well and I didn't want to lose the config that worked.  It no longer does.

What I discovered a few years back that if you want to use SSL in virtual host configurations, the secret was using these directives (in my reverse proxy):

<VirtualHost *:443>
ServerName www.website.com
ServerAlias website.com

SSLEngine On
SSLAppName QIBM_HTTP_SERVER_WEBSITE  (From SSL config and assigning certificate to application)
SSLProtocolDisable SSLv2 SSLv3
SSLServerCert "website" (Actual name of certificate label in DCM)

ProxyPreserveHost on

ProxyPass / http://10.0.10.206:5080/
ProxyPassReverse / http://10.0.10.206:5080/

</VirtualHost>

So, I have three of these and they have identical formats except for the names and the proxy redirects.  So, the SSL is fine on website 1.  I get a "Your connection is not private" error on website 2 because it picks up the cert from website 1.  Website 3 is fine.

So, I thought maybe there is something wrong with the certificate.  So I swapped website 1 and 2 in the listing order. Now the original 2nd website is listed first.  Now the "website 2" that is the first vhost entry is fine but number 1 is in error, complaining this time the certificate for website 2 (listed first now) is incorrect.  It doesn't seem to be honoring the SSLAppName or SSLServerCert on the second vhost. Website 3 is still fine.

It is only those two SSL virtual hosts that have this issue. AND, they were working before.  The third website works fine regardless of the order the virtual host entries are in.  Weirder still, even if I get the error on the cert on the website, I can go to https://www.ssllabs.com and test the certificate and it returns the correct certificate for the correct website and an "A" rating.

Anyone seen this before?  I am stumped.....


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.