OS:Microsoft Server 2019
Web server:Apache
Frontend: Vue.js
Backend: Laravel
I'm setting port 443 to connect my vue.js project, and set port 9999 to connect laravel project.
When I going to "https://my_domain", it show SSL is valid in front of URL bar.
I use Pentest-tools to scan "https://my_domain", the tools show the website is not have any vulnerability.
But when I using Vooki to scan my laravel API, it show I have a medium vulnerability which is "SSL-certificate wrong host".
where am I doing wrong? why when I go to vue.js using browser, it show I installed CA correct, but laravel API show "wrong host" in Vooki?
This is my httpd-vhosts.conf.
<VirtualHost *:443>
DocumentRoot "C:\Apache24\htdocs\index"
ServerName my_domain
ErrorLog "C:\Apache24\logs\error.log"
CustomLog "C:\Apache24\logs\access.log" combined
<Directory "C:\Apache24\htdocs\vue_project_name">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory "C:\Apache24\htdocs\vue_project_name\css">
Options Indexes FollowSymLinks
AllowOverride All
Require ip my_ip
</Directory>
<Directory "C:\Apache24\htdocs\vue_project_name\js">
Options Indexes FollowSymLinks
AllowOverride All
Require ip my_ip
</Directory>
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCertificateKeyFile "C:\Apache24\conf\ssl.key\my_domain.key"
SSLCertificateFile "C:\Apache24\conf\ssl.crt\my_domain.crt"
SSLCertificateChainFile "C:\Apache24\conf\DigiCertCA.crt"
</VirtualHost>
<VirtualHost *:9999>
DocumentRoot "C:\Apache24\htdocs\laravel_project_name\public"
ServerName my_domain
ErrorLog "C:\Apache24\logs\error.log"
CustomLog "C:\Apache24\logs\access.log" combined
<Directory "C:\Apache24\htdocs\laravel_project_name\public">
Options Indexes FollowSymLinks
AllowOverride All
Require ip my_ip
</Directory>
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCertificateKeyFile "C:\Apache24\conf\ssl.key\my_domain.key"
SSLCertificateFile "C:\Apache24\conf\ssl.crt\my_domain.crt"
SSLCertificateChainFile "C:\Apache24\conf\DigiCertCA.crt"
</VirtualHost>
try this