Alternative names issue

Hello

I’m finally configuring my websites with certificates. I have several domains and subdomains running as virtual hosts on the same server. When I checked my certificate at SSLlabs.com, I’m seeing that there is a certificate mismatch for my virtual hosts (unique domains).

The alternative name is listed as one of my subdomains rather than the unique domain name in question. Example: www.myvirtualhost.com shows an alternative name of blog.someothervirtualhost.com.

Is this a configuration issue or is this something that I need to expect to see? I’m starting to think that I may have bungled the input on the CLI.

I’m running on SuSE Linux Tumbleweed (rolling release) and Apache 2 with PHP7 if it matters.

Any assistance would be greatly appreciated.
Thanks in advance
Rip

1 Like

This is NOT expected.
You should review all your vhost configuration files and ensure they have the proper alias and whatnot.

2 Likes

Your description of what you see isn’t very precise but I think you might be talking about what happens for clients which don’t implement SNI.

When a user agent (web browser or other software) connects to your web server on a particular IP address, the only way to know which web site it wants to talk to is via a mechanism called Server Name Indication (SNI) which is optional and so missing from older software.

If this is important to you, for example because your visitors often run older browsers or use non-browser software to access the site - then you have two options:

  1. Obtain a single certificate (from Let’s Encrypt or any CA) covering every single name on your server in one, and tell the server to always present this cert. NB customers will be able to see the entire list inside the cert if they look so this has privacy implications.

  2. Obtain (this is likely to be costly) a separate IP address for each site so that the server can tell from IP address alone which site is meant.

If I misunderstood the problem, please explain in more detail what SSL labs says or just link the output page here.

1 Like
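The check discussed in this thread, as an added example that is not part of any post: for each virtual host, compare the certificate the server presents with SNI against the one it presents without SNI, and test whether the host name is covered by the DNS alternative names. The address `192.0.2.10`, the name `shop.myvirtualhost.com` and the `SAMPLE` data are constructed for illustration; `fetch_sans` does the live lookup and assumes the server's chain validates against the system trust store.

```python
import socket
import ssl

def san_matches(hostname, sans):
    """True if hostname is covered by a DNS SAN (wildcard = one leftmost label)."""
    host = hostname.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == san[2:]:
                return True
    return False

def fetch_sans(address, sni=None, port=443, timeout=5):
    """DNS SANs of the certificate served at address; sni=None sends no SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by audit()
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def audit(address, vhosts, fetch=fetch_sans):
    """Per vhost: is the name covered by the cert served with SNI, and without it?"""
    default_sans = fetch(address, None)
    report = {}
    for name in vhosts:
        report[name] = {
            "with_sni": san_matches(name, fetch(address, name)),
            "without_sni": san_matches(name, default_sans),
        }
    return report

# Constructed data: SNI value sent -> DNS SANs of the certificate returned.
SAMPLE = {
    None: ["blog.someothervirtualhost.com"],  # default vhost, no SNI sent
    "blog.someothervirtualhost.com": ["blog.someothervirtualhost.com"],
    "www.myvirtualhost.com": ["blog.someothervirtualhost.com"],  # wrong cert in vhost
    "shop.myvirtualhost.com": ["*.myvirtualhost.com"],
}

def sample_fetch(address, sni):
    return SAMPLE[sni]

if __name__ == "__main__":
    names = [n for n in SAMPLE if n]
    for name, result in audit("192.0.2.10", names, sample_fetch).items():
        print(name, result)
```

A host that fails `with_sni` points at the vhost configuration itself; a host that passes `with_sni` but fails `without_sni` is only mismatched for clients that do not send SNI.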

SNI information at SSL labs is what caught my attention. I have been in the process of tweaking my TLS configuration and noticed a Mismatched Cert. Ultimately, the issue was an error in a vhost config file. As I add additional layers to my SSL/TLS configuration, I am sure I’ll run up against more challenges… There’s always lots more to learn.
Thanks for your help.
Rip

1 Like
