CentOS 6, Apache 2.2.15 And SNI?
Hello,
is Apache 2.2 which is part of the CentOS distribution capable of SNI?
I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
just did ‘yum update’
in
/etc/httpd/conf/httpd.conf
I’ve the following
NameVirtualHost ipaddr:443
Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf
both ‘vhost’-files are like this:
ServerAdmin webmaster@domain#.com
ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443
… SSLEngine on
SSLStrictSNIVHostCheck on
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
…
only https://domain1.com/… works https://domain2.com/… results in a certificate CN mismatch …
what is missing in my config.?
Thanks, Walter
4 thoughts on - CentOS 6, Apache 2.2.15 And SNI?
It doesn’t appear you have a ServerName or ServerAlias for the naked domains (sans subdomain), so they’re both being answered by the first VirtualHost entry?
this is not the problem
meant
https://box.domain1.com works but https://box.domain2.com results in ‘Certificate name mismatch’
Thanks, Walter
What are the contents of the certificate(s) you have configured for tls? What AltSubject names, if any, do the certificate(s) support?
both were wildcard certificates, one for each domain …