SNI拿错了证书

时间:2015-03-20 14:12:28

标签: apache certificate sni

我得到了以下设置

Listen 443
NameVirtualHost *:443
    <virtualhost *:443>
    Servername  1.domain.com
    DocumentRoot /1
    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /etc/apache/1.cer
    SSLCertificateKeyFile /etc/apache/1.key
    SSLCertificateChainFile /etc/apache/1.crt
    </virtualhost>

    <virtualhost *:443>
    Servername  2.domain.com
    DocumentRoot /2
    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /etc/apache/2.cer
    SSLCertificateKeyFile /etc/apache/2.key
    SSLCertificateChainFile /etc/apache/2.crt
    </virtualhost>

出于某种原因,SNI从网站2上的1.domain.com获取证书,导致连接警告页面不安全。有谁知道为什么? 我正在使用apache Apache / 2.2.15(Unix) 和OpenSSL 1.0.1e-fips

1 个答案:

答案 0 :(得分:0)

我设法让它工作,显然apache要求namevirtualhost位于/​​etc/httpd/conf.d/ssl.conf文件而不是httpd.conf