我在 80 和 443 端口上配置了一个虚拟主机(Centos 5.6 和 Apache 2.2.3),以下是我写的配置:
Listen 80
Listen 443
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName www.abc.be
ServerAlias abc.be
.
.
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName www.abc.fr
ServerAlias abc.fr
.
.
</VirtualHost>
然后我定义 443:
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName www.abc.be
ServerAlias abc.be
.
.
SSLEngine on
SSLCertificateFile /etc/ssl/private/abc.be.crt
SSLCertificateKeyFile /etc/ssl/private/abc.be.key
SSLCertificateChainFile /etc/ssl/private/gd_bundle_be.crt
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName www.abc.fr
ServerAlias abc.fr
.
.
SSLEngine on
SSLCertificateFile /etc/ssl/private/abc.fr.crt
SSLCertificateKeyFile /etc/ssl/private/abc.fr.key
SSLCertificateChainFile /etc/ssl/private/gd_bundle_fr.crt
</VirtualHost>
第一个 SSL 证书工作abc.be正常,但第二个域abc.fr仍然发送第一个 SSL。
以下是的输出apachictl -s:
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server www.abc.be (/etc/httpd/conf/httpd.conf:1071)
port 443 namevhost www.abc.fr (/etc/httpd/conf/httpd.conf:1071)
答案1
这是完全可以预料到的。参见为什么不能使用基于名称的虚拟主机来识别不同的 SSL 虚拟主机?并寻求可能的解决方案,服务器名称指示。
答案2
如果您拥有多个 IP 地址,或者可以获得一个 IP 地址,则可以将每个 SSL 主机绑定到不同的 IP。
<VirtualHost 1.2.4.5:443>
ServerAdmin [email protected]
ServerName www.abc.be
ServerAlias abc.be
...
SSLEngine on
SSLCertificateFile /etc/ssl/private/abc.be.crt
SSLCertificateKeyFile /etc/ssl/private/abc.be.key
SSLCertificateChainFile /etc/ssl/private/gd_bundle_be.crt
...
<VirtualHost 5.6.7.8:443>
ServerAdmin [email protected]
ServerName www.abc.fr
ServerAlias abc.fr
...
SSLEngine on
SSLCertificateFile /etc/ssl/private/abc.fr.crt
SSLCertificateKeyFile /etc/ssl/private/abc.fr.key
SSLCertificateChainFile /etc/ssl/private/gd_bundle_fr.crt
...