apache multi web site ssl configuration

I’ve a problem with my Apache configuration. I use only one Apache instance in order to serve several web site and php application.
One php application have installed an SSL certificate: I used this code in my virtual host in order to redirect all http requests on https:

<VirtualHost *:80>
   ServerName app.domain1.com
   Redirect permanent / https://app.domain1.com/
</VirtualHost>
SSLStrictSNIVHostCheck on
<VirtualHost *:443>
   ServerName app.domain1.com
   DocumentRoot [...]
   <Directory [...]>
      Options FollowSymLinks MultiViews
      AllowOverride All
      Order deny,allow
      Allow from all
   </Directory>
   # ssl certificate
   SSLEngine on
   SSLProtocol all
   SSLCertificateFile [path to .crt file]
   SSLCertificateKeyFile [path to .key file]
   SSLCACertificateFile [path to .crt file]
   # x-frame-option
   Header always append X-Frame-Options SAMEORIGIN
   # sts
   Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>

This configuration works: if I go to app.domain1.com Apache redirects this request on https://app.domain1.com and the certificate works correctly.
I have other virtual host configuration for other web site on the same Apache server without SSL (for example www.domain2.com). If I go to https://www.domain2.com I receive a security message because the certificate (!!!) isn’t related to domain2.com but it is related to domain1.com.
How can I reject all https request for a non https domain?


Source: apache

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.