We've got multiple subdomains, each with its own virtualhost entry in httpd.conf and (for those supporting https) in ssl.conf as well. Our main www subdomain has a GoDaddy cert associated with it. The subdomain I'm configuring right now ("api.bulbstorm.com") has an ssl.conf virtualhost entry that looks like this:
<VirtualHost 172.16.247.153:443>
    DocumentRoot "/var/www/api"
    ServerName api.bulbstorm.com:443
    ErrorLog logs/api-error_log
    CustomLog logs/api-access_log common
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile /var/www/certs/api/server.crt
    SSLCertificateKeyFile /var/www/certs/api/server.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    <Directory "/var/www/api">
        Options +FollowSymLinks
        RewriteEngine On
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    php_value include_path "/var/www/inc"
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
... the crt & key files in /var/www/certs/api/ were generated using openssl per instructions found here.
The api subdomain originally pointed to the GoDaddy cert for the www subdomain. But even though I've changed the virtualhost entry associated with the api subdomain to point to the self-signed certificate/key pair (and have restarted httpd, completely cleared browser settings related to the previous exception for the GoDaddy cert, etc.), browsers are still throwing warnings saying that the cert is for the www domain. When I look at the cert the browsers are pulling, it looks like they're still getting the GoDaddy cert.
Higher up in the ssl.conf file there are these lines:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
This cert/key pair is different than the GoDaddy cert/key pair referenced in the virtualhost entry for the www subdomain, which looks like this:
SSLCertificateFile /etc/www.bulbstorm.com_ssl/www.bulbstorm.com.crt
SSLCertificateKeyFile /etc/www.bulbstorm.com_ssl/www.bulbstorm.com.key
SSLCertificateChainFile /etc/www.bulbstorm.com_ssl/gd_intermediate_bundle.crt
And finally, I see some entries like this in the virtualhost entries:
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
... and am not sure what "StdEnvVars" might hold or when/why it's appropriate to turn this option on for a given directory.
God bless me, I need a real system admin around here... lol. I'd really like to be able to know how to create self-signed certs and make the ssl.conf file adjustments necessary to get them to actually work. Any light that anyone can shed on the issue I'm having will be appreciated.
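One way to audit an ssl.conf like the one quoted above, as an added example that is not part of the original post: it lists each SSL vhost's certificate and flags vhosts whose certificate a client without SNI would never receive. The function names are hypothetical, and the sample assumes the www vhost is bound to the same address:port as the api vhost, which the post does not show.

```python
import re

# Constructed sample modelled on the post's ssl.conf. The address on the www
# vhost is an assumption; the post only shows the api vhost's address.
SAMPLE_SSL_CONF = """
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
<VirtualHost 172.16.247.153:443>
ServerName www.bulbstorm.com:443
SSLCertificateFile /etc/www.bulbstorm.com_ssl/www.bulbstorm.com.crt
</VirtualHost>
<VirtualHost 172.16.247.153:443>
ServerName api.bulbstorm.com:443
SSLCertificateFile /var/www/certs/api/server.crt
</VirtualHost>
"""

def parse_ssl_vhosts(conf_text):
    """Return [(address, server_name, cert_path)] for each vhost, in file order."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip()}
        elif line.lower() == "</virtualhost>" and current:
            vhosts.append((current["addr"], current.get("servername"),
                           current.get("sslcertificatefile")))
            current = None
        elif current and not line.startswith("#"):
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() in ("servername", "sslcertificatefile"):
                current[parts[0].lower()] = parts[1].strip('"')
    return vhosts

def shadowed_vhosts(vhosts):
    """List vhosts that share an address:port with an earlier vhost using a
    different certificate. Without SNI, Apache completes the handshake with the
    first vhost defined for that address, so later certificates are never sent."""
    first, shadowed = {}, []
    for addr, name, cert in vhosts:
        if addr not in first:
            first[addr] = cert
        elif cert != first[addr]:
            shadowed.append({"vhost": name, "configured": cert,
                             "served_without_sni": first[addr]})
    return shadowed

if __name__ == "__main__":
    print(shadowed_vhosts(parse_ssl_vhosts(SAMPLE_SSL_CONF)))
```

An empty result means every SSL vhost has its own address:port or shares a certificate with the first vhost on that address.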