Re: Issue with clients Operating System on certs

[Mounir IDRASSI]

 Hi,

You Apache configuration uses SNI (Server Name Indication) which is not 
supported on Windows XP using IE, Safari and Chrome. The client must be 
running under Windows Vista and higher in order for SNI to work.

That being said, you are saying in your message that Firefox fails to 
support SNI under XP and that surprises me because it's supposed to work 
starting from 2.0 and up, independently from the OS. What version of 
Firefox are using under XP?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 7/16/2010 3:31 PM, Richard Buskirk wrote:

I sent this situation off to the help team but maybe it is either that 
stupid or that hard.

I have installed 2 SSL Certs on my server.

I am using a naming convention for apache configuration for each cert.

*Server:* Windows server 2008, Apache/2.2.14 (Win32) mod_ssl/2.2.14 
OpenSSL/0.9.8k PHP/5.2.11

*httpd-vhost.conf*

___________________________

NameVirtualHost *:443

<VirtualHost *:443>

SSLEngine on

SSLCertificateFile "C:\\certs\\ServerA.crt"

SSLCertificateKeyFile "C:\\certs\\ ServerA.key"

ServerName www. ServerA.com

SSLOptions StrictRequire

SSLProtocol all -SSLv2

ServerAdmin notice@ ServerA.com

DocumentRoot "C:\\Program Files (x86)\\Apache Software 
Foundation\\Apache2.2\\www\\html\\ ServerA "

ErrorLog "C:\\Program Files (x86)\\Apache Software 
Foundation\\Apache2.2\\logs\\ssl-access- ServerA.log"

CustomLog "logs/access-ssl-www. ServerA.com" common

</VirtualHost>

<VirtualHost *:443>

SSLEngine on

SSLCertificateFile "C:\\certs\\ ServerB.crt"

SSLCertificateKeyFile "C:\\certs\\ ServerB.key"

ServerName www. ServerB.com

SSLOptions StrictRequire

SSLProtocol all -SSLv2

ServerAdmin notice@ ServerB.com

DocumentRoot "C:\\Program Files (x86)\\Apache Software 
Foundation\\Apache2.2\\www\\html\\ ServerB "

ErrorLog "C:\\Program Files (x86)\\Apache Software 
Foundation\\Apache2.2\\logs\\ssl-access- ServerB.log"

CustomLog "logs/access-ssl-www. ServerB.com" common

</VirtualHost>

Here is where my senerio goes very weird. A computer with windows 7 
browses to both location and everything is perfect.

A computer with windows XP browses to the siteA no issue. But if they 
go to siteB, the cert for Site A is used on SiteB’s load every time no 
matter what computer they are on.

The siteB does show the proper site but the cert is the wrong cert. 
This fails in Firefox, IE, Safari, Google Chrome on windows XP.

Any suggestions ?

Does this make sense what I am saying?

Richard L. Buskirk
Senior Software Developer



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org