OK...got most of what I needed working on the HTTP server once I
updated PHP, so I added back my SSL certs through DCM. I have 6
vhosts, 3 of which use SSL. These all worked on my 7.2 box. I grabbed
the http.conf files because it worked so well and I didn't want to lose
the config that worked. It no longer does.
What I discovered a few years back is that if you want to use SSL in
virtual host configurations, the secret was using these directives (in
my reverse proxy):
    # From SSL config and assigning certificate to application
    SSLAppName QIBM_HTTP_SERVER_WEBSITE
    SSLProtocolDisable SSLv2 SSLv3
    # Actual name of certificate label in DCM
    SSLServerCert "website"
    ProxyPass / http://10.0.10.206:5080/
    ProxyPassReverse / http://10.0.10.206:5080/
So, I have three of these and they have identical formats except for the
names and the proxy redirects. So, the SSL is fine on website 1. I get
a "Your connection is not private" error on website 2 because it picks
up the cert from website 1. Website 3 is fine.
So, I thought maybe there is something wrong with the certificate. So I
swapped website 1 and 2 in the listing order. Now the original 2nd
website is listed first. Now the "website 2" that is the first vhost
entry is fine but number 1 is in error, complaining this time the
certificate for website 2 (listed first now) is incorrect. It doesn't
seem to be honoring the SSLAppName or SSLServerCert on the second vhost.
Website 3 is still fine.
It is only those two SSL virtual hosts that have this issue. AND, they
were working before. The third website works fine regardless of the
order the virtual host entries are in. Weirder still, even if I get the
error on the cert on the website, I can go to https://www.ssllabs.com
and test the certificate and it returns the correct certificate for the
correct website and an "A" rating.
Anyone seen this before? I am stumped.....
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Twitter - Sys_i_Geek IBM_i_Geek
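
One way to check which certificate each virtual host name is actually handed, with and without the SNI extension in the handshake, as an added example that is not part of the original post. The listener address and host names are placeholders, the function names are hypothetical, and it assumes the certificates chain to a CA in the local trust store.

```python
import socket
import ssl

def name_matches(hostname, pattern):
    """RFC 6125-style match: '*' may stand for the whole leftmost label only."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    head, _, tail = host.partition(".")
    return bool(head) and tail == pat[2:]

def cert_dns_names(cert):
    """DNS subjectAltName entries from an ssl getpeercert() dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def classify(hostname, cert):
    """'ok' when the certificate covers hostname, else 'mismatch'."""
    names = cert_dns_names(cert)
    return "ok" if any(name_matches(hostname, n) for n in names) else "mismatch"

def fetch_cert(address, port, sni):
    """Certificate the listener presents; sni=None leaves the SNI extension out."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; classify() compares names
    with socket.create_connection((address, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()

def audit(address, hostnames, port=443, fetch=fetch_cert):
    """Per host name, record the verdict with and without SNI."""
    report = {}
    for host in hostnames:
        report[host] = {
            "with_sni": classify(host, fetch(address, port, host)),
            "without_sni": classify(host, fetch(address, port, None)),
        }
    return report

if __name__ == "__main__":
    # Placeholder address and names: substitute the listener IP and vhost names.
    for host, result in audit("192.0.2.10", ["site1.example", "site2.example"]).items():
        print(host, result)
```

A host that reports "ok" with SNI and "mismatch" without it is being served the certificate of whichever SSL virtual host the server falls back to when the client does not name the host it wants.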
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing