I have set up two SSL certificates on Apache2, but when I enter with the domain the first certificate works, and when I enter with the server IP address it shows me the same certificate which I have on the domain. I have disabled the default and default-ssl vhosts. Here are my virtual hosts:

<VirtualHost *:443>
    ServerAdmin mail@example.com
    ServerName example.com:443
    ServerAlias www.example.com:443
    DocumentRoot /var/www/example.com/public_html
    ErrorLog /var/log/apache2/error-log.log
    CustomLog /var/log/apache2/custom-log.log common
    DirectoryIndex index.html index.php index.xhtml index.htm
    #Allow phpmyadmin /usr/share/phpmyadmin
    <Directory /usr/share/phpmyadmin>
        Options -Indexes FollowSymLinks
        AllowOverride None
        Order deny,allow
        allow from all
    </Directory>
    <Directory />
        Options -Indexes FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>
    <Directory /var/www/>
        Options FollowSymLinks MultiViews -Includes -ExecCGI -Indexes
        AllowOverride All
        Order allow,deny
        allow from all
        LimitRequestBody 104857600
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    SSLEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile /etc/apache2/ssl/first-ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/first-ssl.key
    SSLCertificateChainFile /etc/apache2/ssl/first-ssl.crt
</VirtualHost>


<VirtualHost *:443>
    ServerAdmin example@example.com
    ServerName 188.226.208.247
    DocumentRoot /var/www/
    SSLEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile /etc/apache2/ssl/second-ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/second-ssl.key
</VirtualHost>  
Andrew Schulman
guest123

2 Answers

As mentioned on the Apache Common Misconfigurations wiki:

"...Because of the nature of SSL, host information isn't used when establishing an SSL connection. Apache will always use the certificate of the default virtual host, which is the first defined virtual host for name-based virtual hosts. While this doesn't mean that you won't ever be able to access the second virtual host, it does mean your users will always get a certificate mismatch warning when trying to access some.domain2.com..."

And from the Apache docs:

"...The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the SSL session is a separate transaction, that takes place before the HTTP session has begun. The server receives an SSL request on IP address X and port Y (usually 443). Since the SSL request did not contain any Host: field, the server had no way to decide which SSL virtual host to use. Usually, it just used the first one it found which matched the port and IP address specified. ..."

It is possible to have multiple SSL certs with one IP address with SNI (Server Name Indication) but only in the most recent versions of Apache and OpenSSL (with Apache v2.2.12 and OpenSSL v0.9.8j).

In short:

If you want to use different SSL certs for virtual hosts then you need to provide a different IP address for each of them or use SNI.

b13n1u

OK, I am using a self-signed certificate for the IP address of the server, and when I enter it, it shows me the same SSL certificate which I have on the domain (signed by a CA) ... What do I have to do to activate the self-signed certificate on the IP address? Can you please tell me how to activate SNI? – guest123 Apr 10 '14 at 08:15
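
The selection rule quoted in the answer above, modelled as an added example that is not part of the original answer or of Apache's code: with SNI the vhost is matched by name, otherwise the first-defined vhost's certificate is served. It assumes all vhosts share one address:port (as in the question) and relies on TLS SNI carrying DNS hostnames only (RFC 6066), so a client connecting by IP address sends no server name; the function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the question's two vhosts, trimmed to the relevant directives.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName example.com:443
    ServerAlias www.example.com:443
    SSLCertificateFile /etc/apache2/ssl/first-ssl.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName 188.226.208.247
    SSLCertificateFile /etc/apache2/ssl/second-ssl.crt
</VirtualHost>
"""

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False

def parse_vhosts(conf):
    """Return [{'names', 'cert'}] in file order; a trailing :port on hostnames is dropped."""
    vhosts = []
    for body in re.findall(r"<VirtualHost\s+[^>]+>(.*?)</VirtualHost>", conf, re.S | re.I):
        lines = re.findall(r"^[ \t]*Server(?:Name|Alias)[ \t]+(.+)$", body, re.M | re.I)
        names = [n.lower() if is_ip_literal(n) else re.sub(r":\d+$", "", n).lower()
                 for line in lines for n in line.split()]
        cert = re.search(r"^[ \t]*SSLCertificateFile[ \t]+(\S+)", body, re.M | re.I)
        vhosts.append({"names": names, "cert": cert.group(1) if cert else None})
    return vhosts

def client_sni(host):
    """SNI carries DNS names only, so a client connecting by IP address sends none."""
    return None if is_ip_literal(host) else host.lower()

def cert_for(vhosts, sni):
    """Name match on SNI if present; otherwise the first-defined vhost is the default."""
    match = [vh for vh in vhosts if sni is not None and sni in vh["names"]]
    return (match or vhosts)[0]["cert"]

def never_selected(vhosts):
    """Certs of non-default vhosts named only by IP literals: no SNI value can select them."""
    return [vh["cert"] for vh in vhosts[1:]
            if vh["names"] and all(is_ip_literal(n) for n in vh["names"])]
```

For the sample, `cert_for(parse_vhosts(SAMPLE_CONF), client_sni(host))` returns `first-ssl.crt` for both `example.com` and `188.226.208.247`, and `never_selected` reports `second-ssl.crt`, which is the symptom described in the question.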
Please check which domain the second SSL certificate was purchased for, and please enter the domain instead of the IP address.

ServerName 188.226.208.247 

change to

ServerName domainname
pravin09