Seems that you ran it more than twice.
2 Likes
I don't think so. Notice there is a subtle spelling differences between kirkby and kirby. The former is my name, and the latter a common mis-spelling.
1 Like
eyes like a hawk!
1 Like
hmm...
[unrecognizable alias!]
1 Like
Yes, the first one is behaving as your default Virtual Host. You can rearrange them. You can even add a "fake" one with a self-signed "snake oil" cert to be your default.
See this page of Apache docs for details
Note that modern browsers all support SNI so those users will only see the cert from the matching VirtualHost. Only people using more "versatile" tools to connect to your server can see that default server cert.
2 Likes
I don't agree with you there. My initial problem was all the domains on the certificate could be seen just using the normal option to view a certificate in Firefox - no special tools were needed. The Common Name shown in Firefox was not what I wanted.
However, after using certbot to create individual certificates for each domain, the other domains could not be seen with a simple view of the certificate in Firefox. I used the SSL Labs server tester to dig a bit deeper. That showed only a name mismatch on the second certificate. I'm not going to lose any sleep over that one, but I was a bit miffed earlier when all unrelated domains could be easily seen, and the certificate had, what appears to me, to be a bad choice of Common Name.
I was talking about your current cert config which has them all separate. Yes, if you have all the names in the cert they are readily visible. I can see your default server cert using openssl just like SSL Labs. In short, it is not difficult to see your default cert just that your typical browser user won't any more.
Note I said:
You used to have all the domain names in the cert from the matching Virtual Host
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.