ssl sni and apache issues

kg4cjv

Hi,

I'm trying to set up SNI for DirectAdmin.
I've edited the config and added enable_ssl_sni=1
Then I've reconfigured and recompiled Apache to support OpenSSL.
I've generated a self-signed certificate for one of my user's domains and hit the https URL. Everything worked fine.

Then I generated another self-signed certificate for another domain for the same user and hit the https URL for that site. The certificate was not the certificate that I created; it gave me a wrong site error. I checked the certificate and found out that Apache is serving the browser a certificate with a CN of localhost. I didn't generate this localhost certificate. Where did it come from?

When I look at the http config for the user, the original site that I set up https for has a VirtualHost on port 443 and 80, but when I look at the second site that I set up, there is only a VirtualHost for port 80.

Why isn't directadmin adding the 443 vhost for the second site?
 
Have you enabled "Secure SSL" at the domain administration? Also, do you have a private_html folder (or symlink) for the domain? Have you pasted the certificate under 'SSL Certificates' in DA under that domain?
 
Thanks for the quick response, Arieh. I didn't have "Secure SSL" under the domain that's giving me problems, so I enabled it and went back and regenerated the certificate under "SSL Certificates". I used DirectAdmin to generate certificates for both domains. The Apache conf now shows 443 for both domains, but Apache is still serving the localhost certificate on the domain that's giving me problems.

Both domains are set up to use the symlinked private_html folder.
 
Maybe you needed to wait on apache to restart, or try to restart it manually. Also you could restart your browser as changing SSL certificates isn't a usual thing to handle for a browser.

You can also use this tool http://www.digicert.com/help/ to see what certificate it gets.
 
I've restarted Apache by hand and my web browser and I'm still getting the same localhost certificate.
When I use digicert.com the working domain comes up with no errors (except the certificate not trusted bit, because it's self-signed), but when I punch in the domain that's giving me problems it says, "Unable to connect".
I'm not having any problems connecting using my web browser and I know it's opening a socket because I can telnet to port 443 (from my local machine) and it opens a socket.

Is there any way that I can verify that Apache got configured correctly during my custom build?
 
Arieh,

Thanks for your help! I figured it out; it was a DNS issue. I was pointing to the wrong server.
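
An added example, not part of the thread: a Python check for the two things this thread turned on, namely whether the domain resolves to the server you configured, and whether that server returns the certificate you generated when the domain is sent as the SNI name. The function names and arguments are assumptions made for this example, and the certificate file is assumed to contain only the PEM certificate.

```python
import hashlib
import socket
import ssl

def resolve_ipv4(host):
    """Return the IPv4 addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def fetch_served_der(ip, sni_name, port=443, timeout=5.0):
    """Connect to ip, send sni_name as the SNI name, return the leaf cert (DER)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Self-signed certificates fail chain validation, so validation is off
    # here and the certificate is compared by fingerprint instead.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def diagnose(resolved_ips, server_ip, served_der, expected_der):
    """Classify the result; DNS is checked first because it masks the rest."""
    if server_ip not in resolved_ips:
        return "dns-mismatch"        # name points at a different server
    if served_der is None:
        return "no-tls"              # port 443 did not complete a handshake
    if fingerprint(served_der) != fingerprint(expected_der):
        return "wrong-certificate"   # a different certificate came back
    return "ok"

def check_domain(host, server_ip, expected_pem_path):
    """host: domain under test; server_ip: the server you configured;
    expected_pem_path: file holding only the PEM certificate (assumption)."""
    with open(expected_pem_path) as fh:
        expected_der = ssl.PEM_cert_to_DER_cert(fh.read())
    try:
        resolved = resolve_ipv4(host)
    except socket.gaierror:
        resolved = []
    try:
        served = fetch_served_der(server_ip, host)
    except OSError:  # covers refused connections, timeouts and ssl.SSLError
        served = None
    return diagnose(resolved, server_ip, served, expected_der)
```

Call `check_domain` once per domain with the server's public IP and the path to that domain's certificate; a "dns-mismatch" result means the name is not reaching the server being tested at all.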
 