It doesn't appear you have a ServerName or ServerAlias for the naked domains (sans subdomain), so they're both being answered by the first VirtualHost entry? > On Nov 20, 2016, at 9:24 AM, Walter H. <Walter.H at mathemainzel.info> wrote: > > Hello, > > is Apache 2.2 which is part of the CentOS distribution capable of SNI? > > I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) > just did 'yum update' > > > in > /etc/httpd/conf/httpd.conf > > I've the following > > NameVirtualHost ipaddr:443 > > Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf > Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf > > both 'vhost'-files are like this: > > <VirtualHost ipaddr:443> > ServerAdmin webmaster at domain#.com > > ServerName vhost.domain#.com:443 > ServerAlias box.domain#.com:443 > ServerAlias calcbox.domain#.com:443 > ServerAlias proxybox.domain#.com:443 > > ... > SSLEngine on > > SSLStrictSNIVHostCheck on > > SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key > SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt > > ... > </VirtualHost> > > only > https://domain1.com/... > works > https://domain2.com/... > results in a certificate CN mismatch ... > > what is missing in my config.? > > Thanks, > Walter > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos