SSL on subdomain issue

Discussion in 'Apache' started by adman_9000, Mar 30, 2010.

0
  1. #1
    Hi,
    I have a website with a subdomain and purchased a verisign certificate with a subject alternate name as advised. I have since spent 2 weeks emailing verisign support and my hosting company trying to figure out why its not working so hopefully someone here can help!

    I suspect its to do with my virtualhost configuration which is as below


    <VirtualHost *:80>
    	ServerName www.mysite.com
	DocumentRoot C:/xampp/htdocs/mysite.com/htdocs  
</VirtualHost>

<VirtualHost *:80>
    	ServerName subdomain.mysite.com
	DocumentRoot C:/xampp/htdocs/mysite.com/htdocs/subdomain
</VirtualHost>

<VirtualHost *:443>
  	ServerName "www.mysite.com"
	DocumentRoot "C:/xampp/htdocs/mysite.com/htdocs" 
	SSLEngine on
	SSLCertificateFile "C:/xampp/ssl/server.crt"
  	SSLCertificateKeyFile "C:/xampp/ssl/server.key"
	SSLCACertificateFile "C:/xampp/ssl/intermediate.crt"
</VirtualHost>


<VirtualHost *:443>
  	ServerName "subdomain.mysite.com"
	DocumentRoot "C:/xampp/htdocs/mysite.com/htdocs/subdomain"
	SSLEngine on
	SSLCertificateFile "C:/xampp/ssl/server.crt"
  	SSLCertificateKeyFile "C:/xampp/ssl/server.key"
	SSLCACertificateFile "C:/xampp/ssl/intermediate.crt"
</VirtualHost>
    Code (markup):
    The http version works fine. The https version always sends visitors to the www.mysite.com site even if the enter subdomain.mysite.com. If I swap the order around then they always get sent to the subdomain. I know this is what would happen with a standard SSL certificate - basically it just sends visitors to the first one it finds, but with SANs this setup should work (according to verisign)

    If you need any other information on the server configuration let me know.

    Thanks
     
    adman_9000, Mar 30, 2010 IP
  2. sacx13

    sacx13 Active Member

    Messages:
    438
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    58
    #2
    SSL is a separate layer who encapsulate HTTP protocol, so the SSL will take place before any HTTP session start. SSL just get an request from an ip address on port 443 and it doesn't care about host who access it, and because of that SSL doesn't know which virtual host to use. To fix that you should use an different IP address for each SSL host.

    I hope you understand my explanations. Also try search about wildcard certificates.

    More documentation here: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

    Regards
     
    sacx13, Mar 30, 2010 IP