We have 3 domains pointing to one IP. Among them, 2 domains (app.fr, app.com) need to be SSL certified. We do have subdomains, and our certificate supports subdomains as well.

app.fr has a subdomain admin.app.fr, which loads fine under https. app.com also has a subdomain admin1.app.com, which is not loading; https gives the error below:

This server could not prove that it is admin.app.com; 
its security certificate is from "*.app.fr". This may be caused by a
misconfiguration or an attacker intercepting your connection.

When I put the app.com vhost 1st and app.fr below:
admin1.app.com loads fine
admin.app.fr gives error on load

This server could not prove that it is admin1.app.fr; its security certificate is from "*.app.com". This may be caused by a misconfiguration or an attacker intercepting your connection.

It is taking the 1st vhost certificate as default, I guess.

Can anyone help me to solve the issue, please?

Below is my http.conf

```
<VirtualHost ip:80>
     DocumentRoot /app/
     ServerAlias *.app.fr
     RewriteEngine on
     RewriteCond %{HTTP_HOST} ^(.+)\.app\.fr$ [NC]
     RewriteCond %{HTTP_HOST} !=www.app.fr
     RewriteRule (.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost ip:80>
     DocumentRoot /app/
     ServerAlias *.app.com
     RewriteEngine on
     RewriteCond %{HTTP_HOST} ^(.+)\.app\.com$ [NC]
     RewriteCond %{HTTP_HOST} !=www.app.com
     RewriteRule (.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost ip:443>
     DocumentRoot /app/
     ServerAlias *.app.fr
     SSLEngine on
     SSLCertificateFile /certificate.crt
     SSLCertificateKeyFile /fr_server.key
     SSLCertificateChainFile /SSLCA2.pem
</VirtualHost>

#SSL app.com
<VirtualHost ip:443>
     DocumentRoot /app/
     ServerAlias *.app.com
     SSLEngine on
     SSLCertificateFile /certificate1.crt
     SSLCertificateKeyFile /com_server.key
     SSLCertificateChainFile /SSLCA2.pem
</VirtualHost>
```

Keerthana
  • There are enough guides on how to configure multiple VirtualHost with ssl on the same IP address. It is unknown what you did wrong since you don't even say what you actually did (i.e. provide the full config). – Steffen Ullrich Apr 05 '18 at 15:22
  • I have added my config – Keerthana Apr 06 '18 at 04:55
  • Are you sure that this is the correct and full config? It looks like you are using the same certificate in `/certificate.crt` for both domains although you claim to use different keys - which does not make sense. – Steffen Ullrich Apr 06 '18 at 05:46
  • Yes, I have put the correct certificate; www.app.fr & www.app.com load under https – Keerthana Apr 06 '18 at 05:50
  • What client do you use to access the site? It might be a client which does not support the SNI extension which is required if you have multiple certificates on the same IP address. – Steffen Ullrich Apr 06 '18 at 08:25
  • Having 2 virtual host files, one for each domain, will it solve the issue? – Keerthana Apr 06 '18 at 12:16
  • Including files with a VirtualHost section in the main file makes no difference to having the VirtualHost sections directly in the main file. – Steffen Ullrich Apr 06 '18 at 12:20

1 Answer

You need to generate a SAN certificate.

Henry Wong
  • That is for multiple domains; we do have subdomains as well. For each domain we purchased https://wiki.gandi.net/en/ssl/standard/wildcard , one for app.fr and another for app.com. – Keerthana Apr 06 '18 at 12:19
  • Check out https://www.sslshopper.com/ssl-checker.html#hostname=api.smartystreets.com - api.smartystreets.com has a wildcard SAN. Multiple domains as well as subdomains - so it is possible with a SAN certificate. Check out https://google.com -- see https://stackoverflow.com/questions/21489525/is-a-wildcard-san-certificate-possible – Henry Wong Apr 06 '18 at 12:58
  • I added a ServerName in the 2nd and 4th blocks of the .conf file as ServerName other.app.com, then ServerAlias *.app.com. Then both the subdomains load and work. – Keerthana Apr 16 '18 at 07:04
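
Added example, not part of the original thread: a small Python check for the symptom discussed above, confirming that each hostname sent via SNI to the shared IP gets back a certificate whose names cover it. The function names are hypothetical, the sample certificate names are constructed from the error messages in the question, and the matcher assumes only whole-label wildcards such as `*.app.fr`.

```python
import socket
import ssl


def covers(pattern: str, host: str) -> bool:
    """True if a certificate DNS name (possibly '*.example.tld') covers host.

    The wildcard stands for exactly one leftmost label, so '*.app.fr'
    covers 'admin.app.fr' but not 'app.fr' or 'a.b.app.fr'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_names(dns_names, hosts):
    """Map each host to the certificate names covering it (empty list = mismatch)."""
    return {h: [n for n in dns_names if covers(n, h)] for h in hosts}


def served_names(address: str, sni: str, port: int = 443, timeout: float = 5.0):
    """Handshake with `address` while sending `sni`; return the DNS names in
    the certificate the server selected for that SNI value."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by covers()
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            san = tls.getpeercert().get("subjectAltName", ())
    return [value for kind, value in san if kind == "DNS"]


def audit(address: str, hosts):
    """For every host, record which certificate names `address` serves and whether they match."""
    report = {}
    for host in hosts:
        names = served_names(address, host)
        report[host] = {"served": names, "ok": any(covers(n, host) for n in names)}
    return report


if __name__ == "__main__":
    # Constructed sample: the '*.app.fr' certificate named in the first error message.
    print(check_names(["*.app.fr", "app.fr"], ["admin.app.fr", "admin1.app.com"]))
```

Running `audit("<server ip>", ["admin.app.fr", "admin1.app.com"])` before and after a vhost change shows, per hostname, whether the first vhost's certificate is still being served as the default.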