Multiple SSL certificates on Apache using multiple public IPs - not working

Posted by St. Even on Server Fault See other posts from Server Fault or by St. Even
Published on 2012-12-18T07:25:21Z Indexed on 2012/12/18 11:04 UTC
Read the original article Hit count: 198

Filed under:
|
|

I need configure multiple SSL certificates on a single Apache server. I already know that I need multiple external IP addresses as I cannot use SNI (only running Apache 2.2.3 on this server).

I assumed that I had everything configured correctly, unfortunately things are not working as they should (or maybe I should say, as I expected them to work)...

In my httpd.conf I have:

NameVirtualHost *:80
NameVirtualHost *:443

Lets say my public IP is 12.0.0.1 and my private IP is 192.168.0.1.

When I use the public IP in my vhost my default website is being shown instead the one defined in my vhost, e.g.:

<VirtualHost 12.0.0.1:443>
   ServerAdmin [email protected]

   ServerName blablabla.site.com

   DocumentRoot /data/sites/blablabla.site.com

   ErrorLog /data/sites/blablabla.site.com-error.log
   #CustomLog /data/sites/blablabla.site.com-access.log common

   SSLEngine On
   SSLCertificateFile /etc/httpd/conf/ssl/blablabla.site.com.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl/blablabla.site.com.key
   SSLCertificateChainFile /etc/httpd/conf/ssl/blablabla.site.com.ca-bundle

   <Location />
       SSLRequireSSL On
       SSLVerifyDepth 1
       SSLOptions +StdEnvVars +StrictRequire
   </Location>

</VirtualHost>

When I use the private IP in my vhost everything works as it should (the website defined in my vhost is being shown), e.g.:

<VirtualHost 192.168.0.1:443>
...same as above...
</VirtualHost>

My server is listening on all interfaces:

[root@grbictwebp02 httpd]# netstat -tulpn | grep :443
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      5585/httpd

What am I doing wrong? If I cannot get this to work I cannot continue to add the second SSL certificate on the other public IP...

If more information is required just let me know!

© Server Fault or respective owner

Related posts about apache2

Related posts about ssl