httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Edwards <nick.z.edwa...@gmail.com>
Subject Re: [users@httpd] SNI
Date Thu, 13 Nov 2014 02:03:26 GMT
Thanks, I found the error, our auto add script needs more checking,
added the SSLEngine on, cert/key/CA directives correctly, but it added
 <virtualhost  i.p [i:p] >  ...   omitting ":443", fixed and all is
good.  Seems a CSR added it as HTML, then whilst it was loading
realized she forgot to check the ssl box, did it and reloaded ..

devs arse kicked, and tighter submission checking now in place to
error if that happens again :)




On 11/12/14, Jeff Trawick <trawick@gmail.com> wrote:
> On Wed, Nov 12, 2014 at 5:05 AM, Nick Edwards <nick.z.edwards@gmail.com>
> wrote:
>
>> Hello,
>>
>> Have a problem on one server where SNI does not appear to work,  the
>> only difference is the very first vhost is non SSL, the SSL is loaded
>> second - works, then it loads some more http vhosts,  - they work,
>> then loads some SSL sites of same .domain - they work too, then it
>> tries to load SSL site of another domain - this fails, apache reports
>> no errors, but clients including using latest firefox, get wrong cert
>> error, is there an ordering issue? or did something else break?
>>
>> Disc: Use latest apache
>> version of openssl \exceeds minimum required for SNI.
>>
>> Thanks
>>
>
> It would help to see your Apache httpd version and a sketch of your
> SSL-related configuration.
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message