Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-24 Thread Walter H.
On Tue, November 22, 2016 22:40, James B. Byrne wrote:
>
> On Sun, November 20, 2016 12:43, Walter H. wrote:
>
>>
>> https://box.domain1.com works
>> but
>> https://box.domain2.com results in  'Certificate name mismatch'
>>
>>
>
> What are the contents of the certificate(s) you have configured for
> tls?  What AltSubject names, if any, do the certificate(s) support?
>
both were wildcard certificates, one for each domain ...


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-22 Thread James B. Byrne

On Sun, November 20, 2016 12:43, Walter H. wrote:

>
> https://box.domain1.com works
> but
> https://box.domain2.com results in  'Certificate name mismatch'
>
>

What are the contents of the certificate(s) you have configured for
tls?  What AltSubject names, if any, do the certificate(s) support?

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3



Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI? Solved ...

2016-11-21 Thread Walter H.

It is solved, I don't know why but
SNI works only with hosts that are
declared with ServerName
and not with ServerAlias

so I did the following ...

I made an include file that contained everything of the virtualhost 
except the ServerAdmin and ServerName declarations

and did this:


ServerAdmin webmaster@domain#.com
ServerName vhost.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl



ServerAdmin webmaster@domain#.com
ServerName box.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl



ServerAdmin webmaster@domain#.com
ServerName calcbox.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl


...

Greetings,
Walter


On 20.11.2016 18:24, Walter H. wrote:

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 
2.2.15)

just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter
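
Added example (not part of the thread and not Apache's own code): a simplified Python model of name-based vhost selection and certificate name matching, run over a constructed copy of the configuration above with '#' replaced by 1 and 2. It relies on the documented directive syntax: ServerName accepts an optional ":port", ServerAlias takes hostnames only, and the first vhost for the address is the default when no name matches. The wildcard certificate names are an assumption based on the follow-up in this thread.

```python
import fnmatch

# Constructed sample: the two vhost files from the thread, '#' -> 1 and 2.
# alias_suffix is ":443" (as posted) or "" (hostnames only).
def make_vhosts(alias_suffix):
    hosts = ("box", "calcbox", "proxybox")
    return [
        {"server_name": f"vhost.domain{n}.com:443",
         "aliases": [f"{h}.domain{n}.com{alias_suffix}" for h in hosts],
         "cert": f"domain{n}-host.crt",
         "cert_names": [f"*.domain{n}.com"]}  # assumed wildcard certificate
        for n in (1, 2)
    ]

def select_vhost(vhosts, sni_host):
    """Return the vhost for sni_host; the first vhost is the default."""
    host = sni_host.lower()
    for vh in vhosts:
        # ServerName may carry ":port"; only the host part is compared.
        if host == vh["server_name"].rsplit(":", 1)[0].lower():
            return vh
        # ServerAlias entries are compared as written (wildcards allowed).
        if any(fnmatch.fnmatchcase(host, a.lower()) for a in vh["aliases"]):
            return vh
    return vhosts[0]

def cert_covers(cert_names, host):
    """True if host matches a name; '*' covers exactly the left-most label."""
    host = host.lower()
    for pattern in (p.lower() for p in cert_names):
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif pattern == host:
            return True
    return False

def audit(vhosts, hosts):
    """Map each requested host to (certificate served, name covered?)."""
    out = {}
    for h in hosts:
        vh = select_vhost(vhosts, h)
        out[h] = (vh["cert"], cert_covers(vh["cert_names"], h))
    return out

def aliases_with_port(vhosts):
    """List ServerAlias values that carry a port suffix."""
    return [a for vh in vhosts for a in vh["aliases"] if ":" in a]

if __name__ == "__main__":
    for suffix in (":443", ""):
        print(repr(suffix), audit(make_vhosts(suffix),
                                  ["box.domain1.com", "box.domain2.com"]))
```

With the ":443" aliases the model hands box.domain2.com to the default vhost and its domain1 certificate, which is the mismatch reported in the thread; aliases_with_port() lists the entries to review.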






Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-20 Thread Walter H.

On 20.11.2016 18:33, David Nelson wrote:

> It doesn't appear you have a ServerName or ServerAlias for the naked domains
> (sans subdomain), so they're both being answered by the first VirtualHost entry?

this is not the problem

meant

https://box.domain1.com works
but
https://box.domain2.com results in  'Certificate name mismatch'

Thanks,
Walter


On Nov 20, 2016, at 9:24 AM, Walter H.  wrote:

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter






Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-20 Thread David Nelson
It doesn't appear you have a ServerName or ServerAlias for the naked domains 
(sans subdomain), so they're both being answered by the first VirtualHost 
entry? 

> On Nov 20, 2016, at 9:24 AM, Walter H.  wrote:
> 
> Hello,
> 
> is Apache 2.2 which is part of the CentOS distribution capable of SNI?
> 
> I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
> just did  'yum update'
> 
> 
> in
> /etc/httpd/conf/httpd.conf
> 
> I've the following
> 
> NameVirtualHost ipaddr:443
> 
> Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
> Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf
> 
> both 'vhost'-files are like this:
> 
> 
> ServerAdmin webmaster@domain#.com
> 
> ServerName vhost.domain#.com:443
> ServerAlias box.domain#.com:443
> ServerAlias calcbox.domain#.com:443
> ServerAlias proxybox.domain#.com:443
> 
> ...
> SSLEngine on
> 
> SSLStrictSNIVHostCheck on
> 
> SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
> SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
> 
> ...
> 
> 
> only
> https://domain1.com/...
> works
> https://domain2.com/...
> results in a certificate CN mismatch ...
> 
> what is missing in my config.?
> 
> Thanks,
> Walter
> 
> 


[CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-20 Thread Walter H.

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter

