Apache Responds with Wrong Certificate

created

1214972225

I ran into a situation where a client was accessing a test site and ended up getting a certificate from another site on the same server. Here is the setup:

All virtual hosts are on the same IP address as the SSL site, so I have this in httpd.conf:

<code>
Listen 192.168.1.1:80
Listen 192.168.1.1:443
NameVirtualHost 192.168.1.1:80
</code>

The problem is this: Apache must create the SSL connection BEFORE the host header is received. When it receives a request on 192.168.1.1:443, it uses the cert attached to that virtual host BEFORE the web site is presented. So if you attempt to connect to a non-SSL site on HTTPS, Apache sends you the cert for the SSL site and then serves up the web site of the non-SSL virtual host. At this point, the user gets a browser error! YUCK!

The solution: mod_rewrite! In the virtual host configuration for the <strong>SSL</strong> site, put these rules:

<code>
<Directory path/to/ssl.example.com>
    # Enable the rewrite engine for this directory (needed if not already on)
    RewriteEngine On
    # Redirect unless the request is for ssl.example.com on port 443
    RewriteCond %{HTTP_HOST} !^ssl\.example\.com$ [NC,OR]
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^.*$ https://ssl.example.com%{REQUEST_URI} [L,R]
</Directory>
</code>

Explanation: The first RewriteCond checks the hostname in the Host header of the request. The second RewriteCond checks the port number of the request. The RewriteRule then sends the user's browser to the proper port with the proper hostname.

Enjoy!
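The rule logic explained above, modelled in Python as an added example (not code from the original post); `evaluate`, `SAMPLES` and the sample requests are constructed for illustration. It assumes `%{HTTP_HOST}` holds the Host header as the client sent it, which is why a header carrying an explicit port also triggers the redirect.

```python
import re

# Model of the two RewriteCond lines from the post (ssl.example.com is the
# post's own placeholder). mod_rewrite evaluates these only after the TLS
# handshake, so the certificate has already been sent by this point.
HOST_OK = re.compile(r"^ssl\.example\.com$", re.IGNORECASE)  # [NC]
PORT_OK = re.compile(r"^443$")
CANONICAL = "https://ssl.example.com"


def evaluate(host_header, server_port, request_uri):
    """Return the redirect target, or None when the request is served as-is."""
    wrong_host = HOST_OK.search(host_header) is None        # negated host pattern
    wrong_port = PORT_OK.search(str(server_port)) is None   # negated port pattern
    if wrong_host or wrong_port:                             # [OR] joins the conds
        return CANONICAL + request_uri                       # [R] -> 302 redirect
    return None


# Constructed sample requests: (Host header, local port, request URI).
SAMPLES = [
    ("ssl.example.com", 443, "/login"),         # canonical: no redirect
    ("SSL.Example.COM", 443, "/login"),         # [NC] makes case irrelevant
    ("ssl.example.com", 80, "/login"),          # plain HTTP: sent to HTTPS
    ("test.example.com", 443, "/index.html"),   # other site's name over HTTPS
    ("ssl.example.com:443", 443, "/login"),     # explicit port in Host header
]

if __name__ == "__main__":
    for host, port, uri in SAMPLES:
        print(f"{host!r:24} port {port:<4} -> {evaluate(host, port, uri)}")
```
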

name

davea

taxonomy

mod_rewrite, security, ssl
