One way to fix Apache serving up the wrong SSL certificate

I ran into an issue today on an Ubuntu server running Apache 2 where the server already had an SSL certificate for ‘www.domain.com’ and the client wanted to add a second one for ‘sub.domain.com’. I added a new IP to the server, set up the virtual site, generated the CSR, and ordered and installed the cert normally, but when I tried to view the new virtual site, it gave me the new site directory but with the old ‘www’ cert, causing a cert name mismatch error.

The old virtual site’s Apache config file had the site bound to *:443, so when I added the new site I changed the old one to [Old IP Address]:443, so it wouldn’t conflict with the new one, which was bound to [New IP Address]:443. While logically it seemed like that should have worked, it didn’t, and it was serving up the old cert for the new site.

I fixed the issue by changing the binding for the old virtual site back to *:443, while leaving the new one on [new IP address]:443. To me, it seems like this shouldn’t work, and that the *:443 would catch all the requests, but apparently that’s how it is supposed to be, and the binding with the IP address overrides the wildcard binding. Who knew?
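The working layout described above, written out as an added example (not the author's actual config): 192.0.2.20 is a constructed stand-in for [New IP Address], the document roots and certificate paths are placeholders, and `Listen 443` is assumed to be set elsewhere, as in Ubuntu's ports.conf.

```apache
# Added example with constructed values; not taken from the original post.

# Old site: wildcard binding. It answers port-443 connections on any local
# address that has no address-specific <VirtualHost> of its own.
<VirtualHost *:443>
    ServerName www.domain.com
    DocumentRoot /var/www/www.domain.com          # placeholder path

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.domain.com.crt     # placeholder
    SSLCertificateKeyFile /etc/ssl/private/www.domain.com.key   # placeholder
</VirtualHost>

# New site: bound to its own address. Apache looks for an exact
# address:port match before it considers wildcard entries, so connections
# arriving on 192.0.2.20:443 get this block and this certificate.
<VirtualHost 192.0.2.20:443>
    ServerName sub.domain.com
    DocumentRoot /var/www/sub.domain.com          # placeholder path

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/sub.domain.com.crt     # placeholder
    SSLCertificateKeyFile /etc/ssl/private/sub.domain.com.key   # placeholder
</VirtualHost>

# Checks to run after reloading Apache:
#
#   apache2ctl -S
#     Dumps the parsed virtual host table, showing which block is attached
#     to *:443 and which to 192.0.2.20:443.
#
#   openssl s_client -connect 192.0.2.20:443 </dev/null 2>/dev/null \
#     | openssl x509 -noout -subject
#     Prints the subject of the certificate actually served on the new
#     address; it should name sub.domain.com, not www.domain.com.
```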


This entry was posted on Monday, June 2nd, 2008 at 11:41 am and is filed under Code, Tips and Tricks, Web Development.

One Response to “One way to fix Apache serving up the wrong SSL certificate”

  1. Arnold Bailey Says:

    You have really great taste in catchy article titles; even when you are not interested in this topic, you push to read it
