[CLUE-Tech] apache + ssl + web server cluster + one domain name = nightmare

Mike Staver staver at fimble.com
Mon Nov 26 13:22:20 MST 2001 

Alright, I have a question that I'm hoping somebody out there can
answer. I have a certificate for the domain name
www.globaltaxnetwork.com.  Unfortunately as verisign works, I also had
to buy signed certs for:

www1.globaltaxnetwork.com 
www2.globaltaxnetwork.com 
www3.globaltaxnetwork.com

I have cluster cats load balancing and clustering my servers for me, all
three running apache.  I have the name www.globaltaxnetwork.com pointing
at all 3, in a round robin configuration.  On each machine, I have the
following virtual host configurations:

NameVirtualHost 64.242.89.22:80
NameVirtualHost 64.242.89.22:443

<VirtualHost www2.globaltaxnetwork.com:80>
ServerAdmin webmaster at globaltaxnetwork.com
DocumentRoot /home/httpd/html
ServerName www2.globaltaxnetwork.com
CustomLog /etc/httpd/logs/access_log combined
</VirtualHost>

<VirtualHost www.globaltaxnetwork.com:80>
ServerAdmin webmaster at globaltaxnetwork.com
DocumentRoot /home/httpd/html
ServerName www.globaltaxnetwork.com
CustomLog /etc/httpd/logs/access_log combined
</VirtualHost>

<VirtualHost www.globaltaxnetwork.com:443>
SSLEnable
ServerAdmin webmaster at globaltaxnetwork.com
DocumentRoot /home/httpd/html
ServerName www.globaltaxnetwork.com
CustomLog /etc/httpd/logs/access_log combined
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.globaltaxnetwork.com.crt
SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/www.globaltaxnetwork.com.key
</VirtualHost>

<VirtualHost www2.globaltaxnetwork.com:443> 
SSLEnable
ServerAdmin webmaster at globaltaxnetwork.com
DocumentRoot /home/httpd/html
ServerName www2.globaltaxnetwork.com
CustomLog /etc/httpd/logs/access_log combined
SSLCertificateFile
/etc/httpd/conf/ssl.crt/www2.globaltaxnetwork.com.crt   
SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/www2.globaltaxnetwork.com.key
</VirtualHost>

That was just my example for the www2 box.  Now, I already feel ripped
off for having to purchase 4 signed certificates from verisign, but now
I'm trying to get this to work.  All three boxes used to work great as
long as I use the domain name www2.globaltaxnetwork.com, meaning, I
stick the number in there.  The minute I try to use the url:

https://www.globaltaxnetwork.com

It says:

The certificate that the site 'www2.globaltaxnetwork.com' has presented
does
not contain the correct site name. It is possible, though unlikely, that
someone may be trying to intercept your communication with this site. If
you
suspect the certificate shown below does not belong to the site you are
connecting with, please cancel the connection and notify the site
administrator. 

Then, when I try the url:

https://www.globaltaxnetwork.com

I get:

The certificate that the site 'www2.globaltaxnetwork.com' has presented
does
not contain the correct site name. It is possible, though unlikely, that
someone may be trying to intercept your communication with this site. If
you
suspect the certificate shown below does not belong to the site you are
connecting with, please cancel the connection and notify the site
administrator. 

When I view "more info", it says that I'm trying to use the cert file
for www.globaltaxnetwork.com for both.  Now, why would it say that with
the way that I have it configured?  Are there any hardcore apache people
out there that can help me? 
-- 

                                -Mike Staver
                                 staver at fimble.com
                                 mstaver at globaltaxnetwork.com
                                 http://www.fimble.com/staver

More information about the clue-tech mailing list