It is solved, I don't know why but SNI works only with hosts that are declared with ServerName and not with ServerAlias so I did the following ... I made an include file that contained everything of the virtualhost except the ServerAdmin and ServerName declarations and did this: <VirtualHost ipaddr:443> ServerAdmin webmaster at domain#.com ServerName vhost.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl </VirtualHost> <VirtualHost ipaddr:443> ServerAdmin webmaster at domain#.com ServerName box.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl </VirtualHost> <VirtualHost ipaddr:443> ServerAdmin webmaster at domain#.com ServerName calcbox.domain#.com:443 Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl </VirtualHost> ... Greetings, Walter On 20.11.2016 18:24, Walter H. wrote: > Hello, > > is Apache 2.2 which is part of the CentOS distribution capable of SNI? > > I have troubles that are coming from server side (CentOS 6.8, Apache > 2.2.15) > just did 'yum update' > > > in > /etc/httpd/conf/httpd.conf > > I've the following > > NameVirtualHost ipaddr:443 > > Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf > Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf > > both 'vhost'-files are like this: > > <VirtualHost ipaddr:443> > ServerAdmin webmaster at domain#.com > > ServerName vhost.domain#.com:443 > ServerAlias box.domain#.com:443 > ServerAlias calcbox.domain#.com:443 > ServerAlias proxybox.domain#.com:443 > > ... > SSLEngine on > > SSLStrictSNIVHostCheck on > > SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key > SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt > > ... > </VirtualHost> > > only > https://domain1.com/... > works > https://domain2.com/... > results in a certificate CN mismatch ... > > what is missing in my config.? > > Thanks, > Walter >