On 22 February 2013 08:29, Kenneth Mutka <[email protected]> wrote:
> Hi,
>
> I'm having a bit of a problem with my certificates. I have about 15 separate
> certificates, including the default one. Apart from listening to 443, I also
> have a bunch of regular HTTP sites.
>
> Now, obviously I am using the SNI features here and most of the time it
> works just as intended, but every now and then, highly intermittently, the
> default certificate is being handed out instead of the correct one.

Not all HTTP clients support SNI. I would strongly suspect you're handing out the default cert to clients that don't provide SNI hints. Other than moving to IP-per-SSL-site, I don't believe there's anything you can do to avoid this when you don't control the clients.

Jonathan
-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html

