It doesn't appear you have a ServerName or ServerAlias for the naked domains (sans subdomain), so they're both being answered by the first VirtualHost entry?
> On Nov 20, 2016, at 9:24 AM, Walter H. <Walter.H@xxxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> is Apache 2.2 which is part of the CentOS distribution capable of SNI?
>
> I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
> just did 'yum update'
>
>
> in
> /etc/httpd/conf/httpd.conf
>
> I've the following
>
> NameVirtualHost ipaddr:443
>
> Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
> Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf
>
> both 'vhost'-files are like this:
>
> <VirtualHost ipaddr:443>
> ServerAdmin webmaster@domain#.com
>
> ServerName vhost.domain#.com:443
> ServerAlias box.domain#.com:443
> ServerAlias calcbox.domain#.com:443
> ServerAlias proxybox.domain#.com:443
>
> ...
> SSLEngine on
>
> SSLStrictSNIVHostCheck on
>
> SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
> SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
>
> ...
> </VirtualHost>
>
> only
> https://domain1.com/...
> works
> https://domain2.com/...
> results in a certificate CN mismatch ...
>
> what is missing in my config.?
>
> Thanks,
> Walter
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
