Apache SNI，2个域，2个证书，parsing到相同的文档根目录

我目前遵循以下指南： https : //www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu- 12-04

到目前为止安装已经没有问题了。 我正在使用我在http://www.startssl.com/?app=21注册的两个1级证书。 每个映射到它自己的（正确的）域。

问题是：去https下的域名parsing为同一个文档根目录，也就是说，如果我去https://backend.domain2.com ，我正确地来到它的VirtualHostconfiguration中指定的文档根目录。 但是，如果我访问https://email.domain1.com ，则会将其发送到backend.domain2的根目录，URL保持不变，并显示SSL证书无效的警告。 检查“无效”证书显示它是连接到后端。域2的。

我在这里做错了什么？ 这两个域的VirtualHostconfiguration如下：

• “无法打开日志”在Apache错误日志debian
• Apache / abtesting麻烦 – apr_socket_recv：连接被拒绝（111）
• DirectoryIndex对于重写的URL不能正常工作
• 安装后没有mod-mono.so或mod_mono.conf
• 在什么情况下，Apache允许不匹配的HTTP_HOST通过？

<IfModule mod_ssl.c> <VirtualHost *:443> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. ServerName mail.domain1.se ServerAdmin [email protected] ServerAlias www.mail.domain1.se DocumentRoot /usr/share/apache2/roundcubemail <Directory /> Options FollowSymLinks AllowOverride None </Directory> SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/ssl/certs/domain1.crt SSLCertificateKeyFile /etc/ssl/private/domain1.key #SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, eg #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf #Alias /mail "/usr/share/apache2/roundcubemail/" ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/apache2/roundcubemail/$1 </VirtualHost> </IfModule> <IfModule mod_ssl.c> <VirtualHost *:443> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. ServerName backend.domain2.com ServerAdmin [email protected] #ServerAlias www.domain2.com DocumentRoot /var/www/backend.domain2.com/html <Directory /> Options FollowSymLinks AllowOverride None </Directory> # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, eg #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf #Alias /mail "/usr/share/apache2/roundcubemail/" #ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/pegasusgbg.se/html/$1 SSLEngine On SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/ssl/certs/domain2.crt SSLCertificateKeyFile /etc/ssl/private/domain2.key #SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem CustomLog /var/log/apache2/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> </IfModule> 

我的ports.confconfiguration是：

 # If you just change the port or add more ports here, you will likely also # have to change the VirtualHost statement in # /etc/apache2/sites-enabled/000-default NameVirtualHost *:80 NameVirtualHost *:443 Listen 80 <IfModule ssl_module> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 

 ServerName mail.domain1.se ServerAdmin [email protected] ServerAlias www.mail.domain1.se 

 ServerName backend.domain2.com #ServerAlias www.domain2.com 

  As of November 2012, the only major user bases whose browsers do not support SNI appear to be users of Android 2.x (default browser)[2], Internet Explorer on Windows XP[3][4] and versions of Java before 1.7 on any operating system.[5]