It is solved, I don't know why but
SNI works only with hosts that are
declared with ServerName
and not with ServerAlias
so I did the following ...
I made an include file that contained everything of the virtualhost
except the ServerAdmin and ServerName declarations
and did this:
<VirtualHost ipaddr:443>
ServerAdmin webmaster@domain#.com
ServerName vhost.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl
</VirtualHost>
<VirtualHost ipaddr:443>
ServerAdmin webmaster@domain#.com
ServerName box.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl
</VirtualHost>
<VirtualHost ipaddr:443>
ServerAdmin webmaster@domain#.com
ServerName calcbox.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl
</VirtualHost>
...
Greetings,
Walter
On 20.11.2016 18:24, Walter H. wrote:
Hello,
is Apache 2.2 which is part of the CentOS distribution capable of SNI?
I have troubles that are coming from server side (CentOS 6.8, Apache
2.2.15)
just did 'yum update'
in
/etc/httpd/conf/httpd.conf
I've the following
NameVirtualHost ipaddr:443
Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf
both 'vhost'-files are like this:
<VirtualHost ipaddr:443>
ServerAdmin webmaster@domain#.com
ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443
...
SSLEngine on
SSLStrictSNIVHostCheck on
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
...
</VirtualHost>
only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...
what is missing in my config.?
Thanks,
Walter
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
