It is solved, I don't know why but SNI works only with hosts that are declared with ServerName and not with ServerAlias
so I did the following ...
I made an include file that contained everything of the virtualhost except the ServerAdmin and ServerName declarations and did this:
<VirtualHost ipaddr:443> ServerAdmin webmaster@domain#.com ServerName vhost.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl </VirtualHost>
<VirtualHost ipaddr:443> ServerAdmin webmaster@domain#.com ServerName box.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl </VirtualHost>
<VirtualHost ipaddr:443> ServerAdmin webmaster@domain#.com ServerName calcbox.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl </VirtualHost>
...
Greetings, Walter
On 20.11.2016 18:24, Walter H. wrote:
Hello,
is Apache 2.2 which is part of the CentOS distribution capable of SNI?
I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) just did 'yum update'
in /etc/httpd/conf/httpd.conf
I've the following
NameVirtualHost ipaddr:443
Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf
both 'vhost'-files are like this:
<VirtualHost ipaddr:443> ServerAdmin webmaster@domain#.com
ServerName vhost.domain#.com:443 ServerAlias box.domain#.com:443 ServerAlias calcbox.domain#.com:443 ServerAlias proxybox.domain#.com:443
... SSLEngine on
SSLStrictSNIVHostCheck on
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
...
</VirtualHost>
only https://domain1.com/... works https://domain2.com/... results in a certificate CN mismatch ...
what is missing in my config.?
Thanks, Walter