On 20.11.2016 18:33, David Nelson wrote: > It doesn't appear you have a ServerName or ServerAlias for the naked domains (sans subdomain), so they're both being answered by the first VirtualHost entry? this is not the problem meant https://box.domain1.com works but https://box.domain2.com results in 'Certificate name mismatch' Thanks, Walter >> On Nov 20, 2016, at 9:24 AM, Walter H.<Walter.H at mathemainzel.info> wrote: >> >> Hello, >> >> is Apache 2.2 which is part of the CentOS distribution capable of SNI? >> >> I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) >> just did 'yum update' >> >> >> in >> /etc/httpd/conf/httpd.conf >> >> I've the following >> >> NameVirtualHost ipaddr:443 >> >> Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf >> Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf >> >> both 'vhost'-files are like this: >> >> <VirtualHost ipaddr:443> >> ServerAdmin webmaster at domain#.com >> >> ServerName vhost.domain#.com:443 >> ServerAlias box.domain#.com:443 >> ServerAlias calcbox.domain#.com:443 >> ServerAlias proxybox.domain#.com:443 >> >> ... >> SSLEngine on >> >> SSLStrictSNIVHostCheck on >> >> SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt >> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key >> SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt >> >> ... >> </VirtualHost> >> >> only >> https://domain1.com/... >> works >> https://domain2.com/... >> results in a certificate CN mismatch ... >> >> what is missing in my config.? >> >> Thanks, >> Walter >>