Apache VirtualHost 未加载正确的证书

Apache VirtualHost 未加载正确的证书

我们在 Apache 2.4 上遇到了这个看似简单的配置问题。使用虚拟主机 site2.net 时,我们似乎无法获取正确的证书。我们总是获得 site1.net 的证书。以下是我们的apacectl -S

VirtualHost configuration:
*:446                  is a NameVirtualHost
         default server site1.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/site1.conf:3)
         port 446 namevhost site1.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/site1.conf:3)
         port 446 namevhost site2.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/site2.conf:3)
*:444                  other.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/other.conf:2)

以下是 VH 配置:

$ cat /opt/rh/httpd24/root/etc/httpd/sites-enable/site1.conf
<VirtualHost *:446>
    ServerName site1.net
    DocumentRoot /www/site1
    <Directory /www/site1>
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateKeyFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site1.key
    SSLCertificateFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site1.pem
</VirtualHost>

$ cat /opt/rh/httpd24/root/etc/httpd/sites-enable/site2.conf
<VirtualHost *:446>
    ServerName site2.net
    DocumentRoot "/www/site1/xyz"
    <Directory "/www/site1/xyz">
         AllowOverride All
         Require all granted
         Options -Indexes
    </Directory>
    SSLCertificateKeyFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site2.key
    SSLCertificateFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site2.pem
</VirtualHost>

conf 文件/opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf未定义 VirtualHost。如果我们交换证书并让第一个虚拟主机加载第二个证书,我们就能正确看到它(即证书本身没有问题)。

我们正在测试openssl s_client -connect myip:446 -servername site2.net

为什么会出现这种奇怪的行为?非常感谢!

相关内容