Apache2.4正在搞乱SSL证书

我有以下带有两个SSL证书的虚拟主机配置 对于域*.example.com和*.dev.example.com：

<VirtualHost *:443>
    ServerName site.example.com

    SSLEngine on
    SSLProxyEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile    /etc/apache2/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/example.key

    ProxyPreserveHost on
    ProxyPass / http://192.168.1.101:8073/
    ProxyPassReverse / http://192.168.1.101:8073/
</VirtualHost>

<VirtualHost *:443>
    ServerName site.dev.example.com

    SSLEngine on
    SSLProxyEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile    /etc/apache2/ssl/certs/dev_example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/dev_example.key

    ProxyPreserveHost on
    ProxyPass / http://192.168.1.102:8073/
    ProxyPassReverse / http://192.168.1.102:8073/
</VirtualHost>

<VirtualHost *:443>
    ServerAlias *.dev.example.com

    SSLEngine on
    SSLProxyEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile    /etc/apache2/ssl/certs/dev_example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/dev_example.key

    <Proxy balancer://devcluster>
        BalancerMember http://192.168.1.201:8182 
        BalancerMember http://192.168.1.202:8182 
    </Proxy>    
    ProxyPass / balancer://devcluster/
    ProxyPassReverse / balancer://devcluster/
</VirtualHost>

<VirtualHost *:443>
    ServerAlias *.example.com

    SSLEngine on
    SSLProxyEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile    /etc/apache2/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/example.key

    <Proxy balancer://mycluster>
        BalancerMember http://192.168.1.203:8182 
        BalancerMember http://192.168.1.204:8182 
    </Proxy>    
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
</VirtualHost>

ServerName site.example.com
斯伦金安
SSLProxyEngine打开
SSLOptions+FakeBasicAuth+ExportCertData+StrictRequire
SSLCertificateFile/etc/apache2/ssl/certs/example.crt
SSLCertificateKeyFile/etc/apache2/ssl/private/example.key
代理主机
ProxyPass/http://192.168.1.101:8073/
ProxyPassReverse/http://192.168.1.101:8073/
ServerName site.dev.example.com
斯伦金安
SSLProxyEngine打开
SSLOptions+FakeBasicAuth+ExportCertData+StrictRequire
SSLCertificateFile/etc/apache2/ssl/certs/dev_example.crt
SSLCertificateKeyFile/etc/apache2/ssl/private/dev_example.key
代理主机
ProxyPass/http://192.168.1.102:8073/
ProxyPassReverse/http://192.168.1.102:8073/
ServerAlias*.dev.example.com
斯伦金安
SSLProxyEngine打开
SSLOptions+FakeBasicAuth+ExportCertData+StrictRequire
SSLCertificateFile/etc/apache2/ssl/certs/dev_example.crt
SSLCertificateKeyFile/etc/apache2/ssl/private/dev_example.key
平衡员http://192.168.1.201:8182 
平衡员http://192.168.1.202:8182 
ProxyPass/balancer://devcluster/
ProxyPassReverse/balancer://devcluster/
ServerAlias*.example.com
斯伦金安
SSLProxyEngine打开
SSLOptions+FakeBasicAuth+ExportCertData+StrictRequire
SSLCertificateFile/etc/apache2/ssl/certs/example.crt
SSLCertificateKeyFile/etc/apache2/ssl/private/example.key
平衡员http://192.168.1.203:8182 
平衡员http://192.168.1.204:8182 
ProxyPass/balancer://mycluster/
ProxyPassReverse/balancer://mycluster/

访问网站时，我会得到以下信息：

site.example.com拥有example.crt中*.example.com的有效证书

site.dev.example.com拥有dev_example.crt提供的*.dev.example.com的有效证书

anything.dev.example.com拥有dev_example.crt提供的*.dev.example.com的有效证书

但是anything.example.com从*.dev.example.com虚拟主机中接收的dev_example.crt spceified中获取*.dev.example.com的无效证书

看起来虚拟主机“ServerAlias*.example.com”正在拾取虚拟主机“ServerAlias*.dev.example.com”中指定的证书

---

是Apache故障还是我的配置有问题？

您需要为每个SSL虚拟主机选择一个唯一的服务器名，即使您希望服务器别名代表您需要的内容。mod_ssl使用服务器名作为SNI的密钥。

您需要为每个ssl虚拟主机选择一个唯一的服务器名，即使您希望服务器别名代表您所需的内容。mod_ssl使用服务器名作为SNI的密钥。

您仍然可以使用服务器别名，但不能使用Omi servername或dup。您仍然可以使用服务器别名，但不能使用Omi servername或dup