Fixing SSL / HTTPS connections not reaching correct website for Windows XP users

Posted: 2013-10-31 22:36:00

When someone on a Windows XP system, or even using an older version of IE, goes to the SSL/HTTPS URL of your Apache or WampDeveloper hosted website, they might get a warning by their browser that the SSL Certificate does not match the website and/or get the wrong website. And in some situations this might also happen on recent OS versions (Vista, 7, etc).

To fix this –

Bind your website to the server’s public IP address. Only the SSL VirtualHost needs binding, the regular HTTP VirtualHost does not…

Edit the website’s SSL/HTTPS VirtualHost file (select website in WampDeveloper’s Websites Tab, then click the SSL VirtualHost button).

Change –

<VirtualHost *:443>

To –

<VirtualHost server's.public.ip.address:443>

You can locate the Public IP address of your system in WampDeveloper’s System Tab.

For local-network only websites use the LAN IP address instead (see System Tab for IPv4 values).

Save file. Restart Apache.

If you only have 1 IP address assigned to your server, you can do the above without any issues as long as you’re okay with this website now answering *all* SSL/HTTPS requests that come in on that specific IP address, regardless of which website they are for. Otherwise, you’ll need to bind each website’s SSL VirtualHost to a separate and unique IP address.

This happens because –

The client OS and Browser must support SNI (Server Name Indication) for *multiple SSL websites running on the same 1 IP address* to work – vs. having to dedicate a separate IP address for each website.

If they don’t, you’ll just get back WampDeveloper’s “DefaultWebsite” (usually localhost) with it’s fake/bogus self-signed Certificate, which will always mis-match the correct website’s domain-name.

Unless the request is originating on XP, or an older version of IE, this isn’t usually an issue. But this problem can also arise with some IE settings being turned off on Vista, Windows 7, etc:

Make sure TLS (needed by SNI) is turned on for IE on the system the request is coming form (it is by default – but some programs like McAfee mess it up); have the client go to:

Control Panel > Internet Options/Settings > Advanced

In Security Group, make sure this is check-marked:

Use TLS (and SSL)

Then have the client restart IE.