On March 12, 2017 3:58:41 PM EDT, Richard Stanway <[email protected]> wrote: >Your configs look fine, what you are seeing is the certificate that is >sent >if a client does not support SNI. You can control which certificate is >chosen using the default_server parameter on your listen directive. > >On Sun, Mar 12, 2017 at 4:54 PM, Fabian A. Santiago < >[email protected]> wrote: > >> Hello nginx world, >> >> I hope you can help me track down my issue. >> >> First, I'm running: >> >> Centos 7.3.1611 >> Nginx 1.11.10 >> Openssl 1.0.1e-fips >> >> My issue is I run 11 virtual sites, all listening on both ipv4 & 6, >same >> two addresses, so obviously I rely on SNI. One site also listens on >tor. >> >> When I check the ssl responses using either ssllabs server test or >openssl >> s_client, my sites work fine but also serve an extra 2nd cert meant >for the >> wrong hostname. I'm confused as I see no issue with my config files. >> >> I've attached a sample of my config files for one site for your >perusal. >> >> You can also check this domain for yourself: >> >> server1.garbage-juice.com >> >> Thanks for your help. >> >> >> -- >> Thanks. >> Fabian S. >> _______________________________________________ >> nginx mailing list >> [email protected] >> http://mailman.nginx.org/mailman/listinfo/nginx >>
Oh, that makes sense. Ok, I guess I just never noticed that before. And also thought that default site wouldn't be sent unless it knew of no SNI already. Thanks. That was easy. -- Thanks. Fabian S.
signature.asc
Description: PGP signature
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
