enterprise-support team mailing list archive

[Question #233966]: Clients cannot connect with SSL enabled in Apache2. Seems to be related to either Name Virtual hosts or SNI in Ubuntu 12.04

 

New question #233966 on apache2 in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/apache2/+question/233966

We are hosting a website for another company.  Our FQDN is something like site5.company.com.  The other company also has their DNS pointing to our IP for their users, something like site.othercompany.com.  Both are A records.

They would like to enable SSL.  We would still like to be able to get to the server without SSL (listening on both ports 80 and 443).  We would like to use one SSL cert for all FQDNs used to reach the server - so the server should be reachable from site5.company.com and site.othercompany.com, using the same cert.  We are okay with getting browser warnings when going to site5.company.com.

We have the certificate requirements (key, chainfile, cert) installed and working for MOST clients.  However, some clients cannot connect.  In one test case, I was able to connect after adding "ServerAlias *" to the *:443 virtual host, but I cannot tell why this is happening.  This was not required in Ubuntu 10.04.

The test case I am using is Fiddler 2.4.4.5. I can connect to our test server using Firefox alone but I can only connect using Fiddler when I add "ServerAlias *" to the *:443 virtual host.  Here is the config file for the virtual host on our test server:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
</IfModule>

Adding the "ServerAlias *" directive directly under the VirtualHost directive and reloading the config allows me to connect.

I cannot tell if I am doing something wrong or if something is wrong inside Apache.  As I understand it, we shouldn't need to specify a ServerName or ServerAlias because we want all names to get the default servers, depending on the port (*:80 or *:443).  This sounds like IP-based virtual hosts, not name-based.  And the configuration worked in 10.04.

Am I missing something?  What is the correct way to make this configuration work in Ubuntu 12.04?
