[TriLUG] SSL NameVirtualHosts and SNI
Brian via TriLUG
trilug at trilug.org
Thu Feb 23 15:54:10 EST 2017
Hi Gang,
I've set up an SSL named virtual host on my apache instance, because I
don't have an IP address available to dedicate to it.
It sort of works...but here's the problem. I'm using Chrome, and I go to:
https://cases.lightsbybrian.com
For some odd reason that I can't discern, the URL gets rewritten to:
https://lightsbybrian.com
...which doesn't match the ServerName for the VirtualHost, so it falls
to the default VirtualHost (a completely different site) and complains
about the certificate Common Name being wrong (the cert for the default
vhost).
If I change the ServerName to simply "lightsbybrian.com", then the
correct certificate comes back, which of course also doesn't match
because its CN is cases.lightsbybrian.com
So it seems Chrome is correctly-ish operating with SNI, but for some
reason it is clipping off the "cases." subdomain.
Confounding factor: Up until a few moments ago, DNS for
cases.lightsbybrian.com was a CNAME for lightsbybrian.com. I have
changed that, creating a separate A record for cases.lightsbybrian.com,
but the CNAME's expiry is 24 hours.
Might Chrome be clipping off the subdomain because it's seeing the CNAME
DNS record?
Otherwise, why is the subdomain being removed?
Thanks,
-Brian
More information about the TriLUG
mailing list