多个SSL证书的Apache2

Question

secure.dynaccount.com（Thawte的证书） http://certlogik.com/sslchecker/secure.dynaccount.com/

api.dynaccount.com（自签名） http://certlogik.com/sslchecker/api.dynaccount.com/

的httpd.conf

# Thawte certified 
<VirtualHost 88.198.55.138:443> 
    ServerName secure.dynaccount.com 
    DocumentRoot /var/www/dynaccount.com 

    SSLEngine on 
    SSLCertificateKeyFile /var/ini/ssl/secure.dynaccount.com/private.key 
    SSLCertificateFile /var/ini/ssl/secure.dynaccount.com/public.crt 
    SSLCertificateChainFile /var/ini/ssl/secure.dynaccount.com/intermediate.crt 
    SSLVerifyDepth 1 
    SetEnvIf User-Agent ".*MSIE.*" \ 
    nokeepalive ssl-unclean-shutdown \ 
    downgrade-1.0 force-response-1.0 
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP 
</VirtualHost> 

# self-signed 
<VirtualHost 88.198.55.154:443> 
    ServerName api.dynaccount.com 
    DocumentRoot /var/www/dynaccount.com 

    SSLEngine on 
    SSLCertificateKeyFile /var/ini/ssl/api.dynaccount.com/private.key 
    SSLCertificateFile /var/ini/ssl/api.dynaccount.com/public.crt 
    SSLVerifyDepth 0 
    SetEnvIf User-Agent ".*MSIE.*" \ 
    nokeepalive ssl-unclean-shutdown \ 
    downgrade-1.0 force-response-1.0 
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP 
</VirtualHost> 

Answer 1

你的问题这里是你有两次相同的ServerName。

在你的第二个虚拟主机，你应该有ServerName api.dynaccount.com并没有ServerAlias

我不知道它的问题，但给它一个尝试:)

---

编辑： 对于Server could not reliably resolve server name错误，你必须在httpd.conf中定义一个ServerName（不在VirtualHost中，这将是默认的服务器名称）

Answer 2

你读过Apache HTTP文档吗？

http://httpd.apache.org/docs/2.0/vhosts/name-based.html

基于域名的虚拟主机不能因为SSL协议的性质SSL安全服务器 使用。

每个IP可以有一个SSL主机。

原因？

SSL连接参数是按每个虚拟主机设置的，但必须在httpd读取主机HTTP标头之前进行协商。

这给一个感觉，不是吗？

UPDATE：

更改SSLCACertificateFile到SSLCertificateChainFile并提供根据docs或禁用客户端证书验证在所有