httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reinhard Vicinus <r.vici...@metaways.de>
Subject Re: [users@httpd] ssl certifikate mismatch
Date Sun, 16 May 2010 18:46:12 GMT

> What's the full apachectl -S look like on that config?
>    
VirtualHost configuration:
10.137.1.104:9903      is a NameVirtualHost
          default server www.aaa.de (/etc/apache2/sites-enabled/test:19)
          port 9903 namevhost www.aaa.de 
(/etc/apache2/sites-enabled/test:19)
10.137.1.104:9901      www.aaa.de (/etc/apache2/sites-enabled/test:2)
10.137.1.104:9902      www.aaa.de (/etc/apache2/sites-enabled/test:10)
Syntax OK

> What was the local host:port the connection was on?
>    
10.137.1.104:9902
> What SNI hostname was sent?
>    
I think that 10.137.1.104 was sent, but i'm not sure if any SNI hostname 
was sent. I called it like this: openssl s_client -connect 10.137.1.104:9902
> What certificate was selected?  Which certificate do you expect to be
> selected, and why?
>    
The certificate www.aaa.at was selected. I would expect that www.aaa.de 
would be selected because the configuration uses ip based virtual 
hosting and in the apache documentation it's clearly stated that only 
the exact IP address and port pair is used for selecting virtual hosts 
by ip based virtual hosting.

Also this configuration worked with older apache versions.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message