You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Nick Edwards <ni...@gmail.com> on 2014/11/12 11:05:40 UTC
[users@httpd] SNI
Hello,
Have a problem on one server where SNI does not appear to work, the
only difference is the very first vhost is non SSL, the SSL is loaded
second - works, then it loads some more http vhosts, - they work,
then loads some SSL sites of same .domain - they work too, then it
tries to load SSL site of another domain - this fails, apache reports
no errors, but clients including using latest firefox, get wrong cert
error, is there an ordering issue? or did something else break?
Disc: Use latest apache
version of openssl \exceeds minimum required for SNI.
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SNI
Posted by Nick Edwards <ni...@gmail.com>.
Thanks, I found the error, our auto add script needs more checking,
added the SSLEngine on, cert/key/CA directives correctly, but it added
<virtualhost i.p [i:p] > ... omitting ":443", fixed and all is
good. Seems a CSR added it as HTML, then whilst it was loading
realized she forgot to check the ssl box, did it and reloaded ..
devs arse kicked, and tighter submission checking now in place to
error if that happens again :)
On 11/12/14, Jeff Trawick <tr...@gmail.com> wrote:
> On Wed, Nov 12, 2014 at 5:05 AM, Nick Edwards <ni...@gmail.com>
> wrote:
>
>> Hello,
>>
>> Have a problem on one server where SNI does not appear to work, the
>> only difference is the very first vhost is non SSL, the SSL is loaded
>> second - works, then it loads some more http vhosts, - they work,
>> then loads some SSL sites of same .domain - they work too, then it
>> tries to load SSL site of another domain - this fails, apache reports
>> no errors, but clients including using latest firefox, get wrong cert
>> error, is there an ordering issue? or did something else break?
>>
>> Disc: Use latest apache
>> version of openssl \exceeds minimum required for SNI.
>>
>> Thanks
>>
>
> It would help to see your Apache httpd version and a sketch of your
> SSL-related configuration.
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SNI
Posted by Jeff Trawick <tr...@gmail.com>.
On Wed, Nov 12, 2014 at 5:05 AM, Nick Edwards <ni...@gmail.com>
wrote:
> Hello,
>
> Have a problem on one server where SNI does not appear to work, the
> only difference is the very first vhost is non SSL, the SSL is loaded
> second - works, then it loads some more http vhosts, - they work,
> then loads some SSL sites of same .domain - they work too, then it
> tries to load SSL site of another domain - this fails, apache reports
> no errors, but clients including using latest firefox, get wrong cert
> error, is there an ordering issue? or did something else break?
>
> Disc: Use latest apache
> version of openssl \exceeds minimum required for SNI.
>
> Thanks
>
It would help to see your Apache httpd version and a sketch of your
SSL-related configuration.
--
Born in Roswell... married an alien...
http://emptyhammock.com/