  1. #1
    Just Joined!
    Join Date
    Jul 2013
    Posts
    2

    Name-Based VirtualHosts and SSL domain and subdomain


    Hello All,

    I'm having some problems getting some SSL certificates to work.

    So my question is, is it possible to have 2 SSL certificates working off 1 IP address where 1 certificate is a subdomain of the other certificate. If so how?

    Basically I have a cert for
    mydomain and
    m.mydomain

    However after setting everything up as follows;
    wiki.apache.org/httpd/NameBasedSSLVHosts

    Only the first certificate in the list loads and works. Each certificate loads and works on its own, but not together. Apache starts with no errors and each of the error logs for the 2 SSL certificates is empty.

    SUSE Linux Enterprise Server 10 (i586)
    Apache/2.2.11 (Unix)

    Any ideas?

    RESOLVED: I'm using OpenSSL v0.9.8a; requires 0.9.8a or above
    Last edited by n0_order; 07-30-2013 at 04:48 PM. Reason: RESOLVED

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    hello and welcome, n0_order!

    i'm glad you got it sorted, but i'm a little confused by your (abbreviated) solution. so did you need to upgrade to OpenSSL v0.9.8a to make it work? Any other specifics? Your input would be valuable to others that find your post in the ether.

    Also, note that you can mark your threads as Solved using the Thread Tools link at the top of the page (of course, we will do it for you if we notice that you are happy).

  3. #3
    Just Joined!
    Join Date
    Jul 2013
    Posts
    2

    What I did to get it to work

    Originally posted by atreyu:
    hello and welcome, n0_order!

    i'm glad you got it sorted, but i'm a little confused by your (abbreviated) solution. so did you need to upgrade to OpenSSL v0.9.8a to make it work? Any other specifics? Your input would be valuable to others that find your post in the ether.

    Also, note that you can mark your threads as Solved using the Thread Tools link at the top of the page (of course, we will do it for you if we notice that you are happy).

    v0.9.8F or later is required for Apache with multiple SSL certificates on a single IP address using SNI. My version of Apache had v0.9.8A installed. So after following the how-to for setting up SNI, I ended up getting an error message in my httpd access log saying that what I was doing was unsupported and the first Virtual Host would take precedence.

    So yes I needed to upgrade OpenSSL from A to F in order to get the SNI features.

    I ended up following this information from:
    https://issues.apache.org/bugzilla/...g.cgi?id=46745
    ----------
    SLES 10 SP2 (x86_64)
    apache-2.2.15
    openssl-1.0.0

    An older openssl version (0.9.8a) was already installed, so I had to put the new version into a different directory (/usr/local/openssl).

    Compiled openssl with:
    Code:
      ./config -fPIC --prefix=/usr/local/openssl shared && make && make install
    Making the new libs public:
    Code:
      cd /etc/ld.so.conf.d/
      echo "/usr/local/openssl/lib64" > openssl.conf
      ldconfig -v
    Next I tried to compile apache with:
    Code:
      ./configure --prefix=/usr/local/apache --enable-mods-shared=all --with-ssl=/usr/local/openssl --enable-ssl=shared --enable-proxy=shared && make
    and ran into the same error message described above.

    After some research I found that this problem seems to be a "lib versus lib64" issue. openssl has installed the new libs in "/usr/local/openssl/lib64" and apache configure includes only a directory "/usr/local/openssl/lib" (which doesn't exist).
    Finally, in /usr/local/openssl I did a "ln -s lib64/ lib" and was able to compile apache successfully without any error messages. After that, apache started with:
    ----------

    I also had to add /usr/local/openssl/lib to my /etc/ld.so.conf
    Last edited by atreyu; 08-02-2013 at 02:04 AM. Reason: added CODE tags and linkified link
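
The version check behind this thread, as an added example that is not part of the original posts: OpenSSL letter releases do not sort numerically, so 0.9.8a versus the 0.9.8f threshold given in post #3 needs a suffix-aware comparison. The function names, the sample banners and the `ldd` parsing helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: is a given OpenSSL new enough for SNI?
# The 0.9.8f threshold is the one stated in post #3 above.
LC_ALL=C; export LC_ALL   # make the [f-z] range below locale-independent

# "OpenSSL 0.9.8a 11 Oct 2005" -> "0.9.8a" (prints nothing for other banners)
banner_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Return 0 when version $1 (e.g. 0.9.8f, 1.0.0) is 0.9.8f or later.
# The letter suffix is part of the ordering: 0.9.8 < 0.9.8a < 0.9.8f < 0.9.8za.
sni_capable() {
    num=${1%%[a-z]*}; suffix=${1#"$num"}
    old_ifs=$IFS; IFS=.; set -- $num; IFS=$old_ifs
    n=$(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
    if [ "$n" -gt 908 ]; then return 0; fi
    if [ "$n" -lt 908 ]; then return 1; fi
    case $suffix in [f-z]*) return 0 ;; *) return 1 ;; esac
}

# Print the libssl path from `ldd mod_ssl.so` output read on stdin. This is the
# library Apache really loads, which may differ from the openssl found on PATH.
linked_libssl() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print ($3 == "not" ? "not found" : $3) }'
}

# Constructed sample input: banners for the versions named in the thread.
for banner in "OpenSSL 0.9.8a 11 Oct 2005" "OpenSSL 0.9.8f 11 Oct 2007" \
              "OpenSSL 1.0.0 29 Mar 2010"; do
    v=$(banner_version "$banner")
    if sni_capable "$v"; then echo "$v: SNI capable"
    else echo "$v: too old, first vhost's certificate is served for every name"; fi
done
```

On a live host, feed `banner_version` the output of the `openssl version` binary under the prefix Apache was built against, and pipe `ldd` of the installed `mod_ssl.so` into `linked_libssl` to confirm the new library is the one being resolved.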
