[TriLUG] SSL NameVirtualHosts and SNI
Brian via TriLUG
trilug at trilug.org
Thu Feb 23 16:00:35 EST 2017
The plot thickens... From within my home network, using Chrome on
Linux, the name-based SSL virtual host works perfectly! It's only from
my Windows 7 laptop at work where Chrome is rewriting the URL and
dropping the "cases." part.
Now I don't know what to think! A bug with Windows Chrome's SNI
implementation?
-B
On 02/23/2017 03:54 PM, Brian wrote:
> Hi Gang,
>
> I've set up an SSL named virtual host on my apache instance, because I
> don't have an IP address available to dedicate to it.
>
> It sort of works...but here's the problem. I'm using Chrome, and I go to:
>
> https://cases.lightsbybrian.com
>
> For some odd reason that I can't discern, the URL gets rewritten to:
>
> https://lightsbybrian.com
>
> ...which doesn't match the ServerName for the VirtualHost, so it falls
> to the default VirtualHost (a completely different site) and complains
> about the certificate Common Name being wrong (the cert for the default
> vhost).
>
> If I change the ServerName to simply "lightsbybrian.com", then the
> correct certificate comes back, which of course also doesn't match
> because its CN is cases.lightsbybrian.com
>
> So it seems Chrome is correctly-ish operating with SNI, but for some
> reason it is clipping off the "cases." subdomain.
>
> Confounding factor: Up until a few moments ago, DNS for
> cases.lightsbybrian.com was a CNAME for lightsbybrian.com. I have
> changed that, creating a separate A record for cases.lightsbybrian.com,
> but the CNAME's expiry is 24 hours.
>
> Might Chrome be clipping off the subdomain because it's seeing the CNAME
> DNS record?
>
> Otherwise, why is the subdomain being removed?
>
> Thanks,
> -Brian
>
>
More information about the TriLUG
mailing list