3

I have two projects that are a copy of each other on my Mac with MAMP. They both have SSL pages. However, whenever I hit the a secured SSL page of project 2, the base_url or host changes to project1 instead of remaining project2. I know this is an issue with the vhosts, because if I switch the order of the entries, the reverse happens. Here's my config files:

    /Applications/MAMP/conf/extra/httpd-ssl.conf


<VirtualHost _default_:443>
DocumentRoot "/Applications/MAMP/htdocs/proj1"
ServerName proj1.localhost:443
ErrorLog "/Applications/MAMP/Library/logs/error_log"
TransferLog "/Applications/MAMP/Library/logs/access_log"
SSLEngine on
SSLCertificateFile "/Applications/MAMP/conf/apache/ssl/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/ssl/server.key"
</VirtualHost> 

<VirtualHost _default_:443>
DocumentRoot "/Applications/MAMP/htdocs/proj2"
ServerName proj2.localhost:443
ErrorLog "/Applications/MAMP/Library/logs/error_log"
TransferLog "/Applications/MAMP/Library/logs/access_log"

SSLEngine on
SSLCertificateFile "/Applications/MAMP/conf/apache/ssl/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/ssl/server.key"
</VirtualHost> 

--------------------
cat /etc/hosts

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1             localhost 
fe80::1%lo0 localhost

127.0.0.1 proj1.localhost
127.0.0.1 proj2.localhost
user1322092
  • 233
  • 2
  • 11

2 Answers2

3

Change the

<VirtualHost _default_:443>

to

<VirtualHost *:443>

Then make sure you have

NameVirtualHost *:443

Then restart apache and it should work

EDIT

Also you don't need the 443 in ServerName proj1.localhost:443

Mike
  • 21,910
  • 7
  • 55
  • 79
2

This is because the hostname is sent encrypted, and the SSL decryption happens inside the virtual host, not outside it. This means that the server doesn't have access to the hostname when it selects the virtual host, and thus it will always select the first one. You can read more about this at wiki.apache.org

Jenny D
  • 27,358
  • 21
  • 74
  • 110
  • not 100% true.. it will use the SSL cert from the first entry it sees but if setup correctly after ssl is decrypted the host header is read and it will go to the correct docroot – Mike Oct 08 '12 at 13:08
  • This is only true for older browsers (and potentially operating systems) and/or older versions of Apache. Current versions of Apache and any current browser available on a Mac will support [SNI](http://en.wikipedia.org/wiki/Server_Name_Indication). – Ladadadada Oct 09 '12 at 09:18