Re: ssl certifikate mismatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, May 16, 2010 at 3:18 PM, Eric Covener <covener@xxxxxxxxx> wrote:
>> Listen 10.137.1.104:9901
>> <VirtualHost 10.137.1.104:9901>
>> SSLEngine on
>> SSLCertificateFile /etc/apache2/conf/www.aaa.at.crt
>> SSLCertificateKeyFile /etc/apache2/conf/www.aaa.at.key
>> Include conf/www.aaa.misc
>> </VirtualHost>
>>
>> Listen 10.137.1.104:9902
>> <VirtualHost 10.137.1.104:9902>
>> SSLEngine on
>> SSLCertificateFile /etc/apache2/conf/www.aaa.de.crt
>> SSLCertificateKeyFile /etc/apache2/conf/www.aaa.de.key
>> Include conf/www.aaa.misc
>> </VirtualHost>
>>
>> Listen 10.137.1.104:9903
>> NameVirtualHost 10.137.1.104:9903
>> <VirtualHost 10.137.1.104:9903>
>> Include conf/www.aaa.misc
>> </VirtualHost>
>
>>  openssl s_client -connect 10.137.1.104:9902
>
>> The certificate www.aaa.at was selected.
>
> Certainly looks bogus, fwd'ed to dev@ list
>
>

Can you show in one terminal session the contents of the two
certificates (openssl x509 -in ... -text | grep Subject:) and the
console output of s_client that includes the subject?

According to one of the active SNI folks, your openssl invocation
shouldn't even be providing the SNI extension (by default).





-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux