I have limited experience setting up SSL certs. So far I've been able to get single SSL certs working on different servers, but now I'm stuck trying to get a wildcard SSL cert set up alongside an existing organisational SSL cert for the same domain: it keeps pointing at the organisational cert even though I specify the wildcard cert in the virtual host.
I'll try to explain as best I can using sample data:
- organisational certificate: site.example.com
- wildcard certificate: *.example.com
Apache version 2.2.3
I will leave out the port 80 stuff as there are no issues there.
Example configuration:
NameVirtualHost *:443
NameVirtualHost 192.0.2.201:443
NameVirtualHost 192.0.2.202:443
<VirtualHost 192.0.2.202:443>
    ServerName site.example.com
    DocumentRoot /var/www/html/site
    SSLEngine On
    SSLCertificateFile /locationof/organisational.crt
    SSLCertificateChainFile /locationof/organisational.intermediate.pem
    SSLCertificateKeyFile /locationof/organisational.key
</VirtualHost>
<VirtualHost 192.0.2.202:443>
    ServerName mytestsite.example.com
    DocumentRoot /var/www/html/mytestsite
    SSLEngine On
    SSLCertificateFile /locationof/wildcard.crt
    SSLCertificateChainFile /locationof/wildcard.intermediate.pem
    SSLCertificateKeyFile /locationof/wildcard.key
</VirtualHost>
There are no issues with either certificate.
When I restart Apache and go to https://mytestsite.example.com in Firefox, it tells me 'Your connection is not secure'. When I expand the Advanced button I can see the message 'The certificate is only valid for the following names: site.example.com, www.site.example.com'. So I guess it's picking up the organisational virtual host each time and isn't getting to the wildcard virtual host. I've tried switching them around, as I've read that Apache can be affected by the order of the virtual hosts, but it made no difference.
I'm sure it's something simple I'm doing wrong, but I've searched various sites and Google and just can't pinpoint the issue :(
EDIT - additional info from running httpd -S:
192.0.2.201:443        is a NameVirtualHost
         default server www.anothersite.net (/etc/httpd/conf/httpd.conf:aaaa)
         port 443 namevhost www.anothersite.net (/etc/httpd/conf/httpd.conf:aaaa)
192.0.2.202:443        is a NameVirtualHost
         default server site.example.com (/etc/httpd/conf/httpd.conf:xxxx)
         port 443 namevhost site.example.com (/etc/httpd/conf/httpd.conf:xxxx)
         port 443 namevhost mytestsite.example.com (/etc/httpd/conf/httpd.conf:yyyy)
                 wild alias *.*
*:443                  is a NameVirtualHost
         default server someoldsite.com (/etc/httpd/conf.d/ssl.conf:xx)
         port 443 namevhost someoldsite.com (/etc/httpd/conf.d/ssl.conf:xx)
(There is no virtual host for this old site; it seems to be the name of the server in the /etc/hosts file.)
I checked the *:443 path in case there was a redirect or something like that, but there is not. I've added the additional NameVirtualHost settings to the example configuration. From the info above I'm still not sure what's going wrong! The wildcard SSL certificate is set up on 2 other servers and works fine, but it is the only SSL certificate on those servers, as opposed to this server, which has 2 others and 1 sharing the same domain.
EDIT 2
There is an ssl.conf file being included with the following: <VirtualHost _default_:443>, but I don't think that is causing any harm?
This server has been working fine using both certs on .201 and .202, and the wildcard cert works fine on two other servers; I just can't get the wildcard SSL cert to work along with the .202 organisational cert :(
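As an added example (not part of the original question or of Apache), here is a stdlib-only Python check for the situation described above: it fetches the certificate a server actually presents for a name, once with that name in the TLS SNI extension and once with no SNI at all, and tests whether the certificate covers the name under the usual wildcard rule (a leading `*` matches exactly one label, so `*.example.com` covers `mytestsite.example.com` but not `example.com` or `a.b.example.com`). If the same certificate comes back either way and it is the organisational one, the server is not selecting a certificate by name for that address:port. That is expected for name-based SSL vhosts sharing one IP:port on Apache 2.2.3, because mod_ssl only gained SNI support in httpd 2.2.12. The two sample dicts are constructed to mirror the certificates in the question, `mytestsite.example.com` and port 443 are placeholders, and the live check assumes the server's chain validates against the system CA store (the question says both certificates are fine).

```python
"""Added example: which certificate does a server present for a name, with and
without SNI, and does that certificate cover the name?  Not from the original post."""
import json
import socket
import ssl
import sys

# Constructed samples in the shape returned by SSLSocket.getpeercert(),
# mirroring the organisational and wildcard certificates described in the question.
ORG_CERT = {
    "subject": ((("commonName", "site.example.com"),),),
    "subjectAltName": (("DNS", "site.example.com"), ("DNS", "www.site.example.com")),
    "serialNumber": "01",
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    "serialNumber": "02",
}


def fetch_cert(host, port=443, server_name=None):
    """Return the peer certificate (getpeercert() dict) for host:port.

    server_name is placed in the SNI extension; None sends no SNI at all, which is
    what a client that does not support SNI looks like to the server.
    The chain is still verified against the system CA store (the dict is empty
    otherwise); only the hostname check is disabled so a mismatch can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """DNS names a certificate is valid for: subject CN plus subjectAltName DNS entries."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.append(value.lower())
    return list(dict.fromkeys(names))  # de-duplicate, keep order


def name_matches(hostname, pattern):
    """Wildcard match as browsers apply it: '*' only as the whole leftmost label,
    covering exactly one label (RFC 6125 style)."""
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if hostname == pattern:
        return True
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]                 # '*.example.com' -> '.example.com'
    if not hostname.endswith(suffix):
        return False
    head = hostname[: -len(suffix)]      # the part the '*' would have to cover
    return head != "" and "." not in head


def cert_covers(hostname, cert):
    """True if any name in the certificate matches hostname."""
    return any(name_matches(hostname, name) for name in cert_names(cert))


def diagnose(host, port=443):
    """Compare the certificate served with SNI=host against the one served with no SNI."""
    with_sni = fetch_cert(host, port, server_name=host)
    no_sni = fetch_cert(host, port, server_name=None)
    return {
        "sni_names": cert_names(with_sni),
        "no_sni_names": cert_names(no_sni),
        "sni_cert_covers_host": cert_covers(host, with_sni),
        "same_cert_either_way": with_sni.get("serialNumber") == no_sni.get("serialNumber"),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check: python3 sni_check.py mytestsite.example.com [443]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        print(json.dumps(diagnose(sys.argv[1], port), indent=2))
    else:
        # Offline demonstration on the constructed samples.
        for label, cert in (("organisational", ORG_CERT), ("wildcard", WILDCARD_CERT)):
            print(label, cert_names(cert), "covers mytestsite.example.com:",
                  cert_covers("mytestsite.example.com", cert))
```

Run it with the hostname as the first argument to query a live server; with no arguments it only evaluates the constructed samples. A result of `same_cert_either_way: true` with `sni_cert_covers_host: false` is the signature of a server that is presenting one fixed certificate for that IP:port regardless of the requested name.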