Alternative names

LucaLazz · October 1, 2018, 10:45pm

Hello
I have a small problem with the certificates
On a server with Debian 9 and Apache 2 I have several virtual hosts with related certificates installed.

By doing an analysis with https://www.ssllabs.com I get an error in the results.

The error is in alternative names:

This does not present errors:
https://www.ssllabs.com/ssltest/analyze.html?d=agendina.eu

on all the other virtual hosts instead:
https://www.ssllabs.com/ssltest/analyze.html?d=www.lucalazzaro.net

The problem occurs with no-SNI software

Thanks for the replies and sorry for my poor English

sahsanu · October 1, 2018, 11:01pm

Hi @LucaLazz,

I see no problem if your users/customers… are not using a client that doesn’t support SNI. If you want to avoid these “errors” you should have one public ip for every certificate.

In your case, Apache is using the first certificate loaded to serve the requests to no SNI clients and as Apache is loading them in alphabetical order, the first one is agendina.eu so it is serving it as the default.

If you have multiple public ips you could bind them to every of your virtual hosts and certificates but I won’t be worried by it, there are just a few old clients that doesn’t support SNI.

Cheers,
sahsanu

schoen · October 1, 2018, 11:04pm

You might be able to get some good data about this from

although I'm sure there are other sources too.

system · October 31, 2018, 11:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.