Revisions to Other site served on a multisite Apache server when 2nd SSL certificate introduced

replaced http://serverfault.com/ with https://serverfault.com/

Source Link

edited Apr 13, 2017 at 12:13

Community Bot

1

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see http://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https https://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

BTW here somebody had a similar problem http://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry https://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see http://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

BTW here somebody had a similar problem http://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see https://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

BTW here somebody had a similar problem https://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry

added 144 characters in body

Source Link

edited Oct 18, 2016 at 13:26

rudimeier

10.8k
2
36
47

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see http://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

BTW here somebody had a similar problem http://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see http://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see http://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

BTW here somebody had a similar problem http://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry

added 611 characters in body

Source Link

edited Oct 18, 2016 at 13:17

rudimeier

10.8k
2
36
47

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see http://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

Keyword: SNI (Server Name Indication)

Looks like either your server or your client is missing SNI support, see

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

To test whether your server is returning SNI header information you may try

openssl s_client -servername www.SERVERNAME.com -tlsextdebug -connect www.YOURSERVER.com:443 2>/dev/null | grep "server name"

see http://serverfault.com/questions/506177/how-can-i-detect-if-a-server-is-using-sni-for-https

You may also try such SSL Server Test https://www.ssllabs.com/ssltest/ The "Handshake Simulation" should give you something like this for older clients:

Android 2.3.7 No SNI Incorrect certificate because this client doesn't support SNI

but matching certificates for the newer clients.

Source Link

answered Oct 18, 2016 at 11:50

rudimeier

10.8k
2
36
47

Loading

Stack Exchange Network

Return to Answer