Issue with VirtualHost definition order and SNI SSL

Igor Sysoev is at rambler-co.ru
Wed Oct 28 11:24:41 MSK 2009


On Wed, Oct 28, 2009 at 09:31:05AM +0200, Iantcho Vassilev wrote:

> 2009/10/27 Igor Sysoev <is at rambler-co.ru>
> 
> > On Tue, Oct 27, 2009 at 07:42:42PM +0200, Iantcho Vassilev wrote:
> >
> > > 2009/10/27 Igor Sysoev <is at rambler-co.ru>
> > >
> > > > On Tue, Oct 27, 2009 at 12:55:34PM +0200, Iantcho Vassilev wrote:
> > > >
> > > > > Here is my two ssl vhosts>>>
> > > > >
> > > > > server {
> > > > >         listen  443;
> > > > >         ssl on;
> > > > >         ssl_certificate /usr/local/etc/pathTocrt;
> > > > >         ssl_certificate_key /usr/local/pathTokey;
> > > > >
> > > > >
> > > > >         server_name xxxxx.com www.xxxxxx.com
> > > > >
> > > >
> > ---------------------------------------------------------------------------------------------------
> > > > >
> > > > > server {
> > > > >         listen  443;
> > > > >         ssl on;
> > > > >           ssl_certificate /usr/local/etc/pathTocrt2;
> > > > >      ssl_certificate_key /usr/local/pathTokey2;
> > > > >
> > > > >
> > > > >         server_name xxxxx2.com wwww.xxxxxx2.com
> > > > >
> > > > >
> > > > > Hope that helps..
> > > >
> > > > As I understand Linmiao Xu <linmiao.xu at jhu.edu> is different man.
> > > > Well what is your case ? What browser do you use ?
> > > >
> > > > I've just created my own ceritificate authority, have installed
> > > > the CA certificate in FF 3.0, then have created 2 certificate signed
> > > > by this authority. Both certificate works well wiht SNI without any
> > > > message.
> > >
> > > Sorry about the misunderstanding..those two sites use Godaddy and TrueSSL
> > > certificates
> > > When i put one of the server to listen to other port (one is 443 other
> > 444)
> > > both certificates work
> > > when they are on port 443 both sites use the first loaded certificate....
> > > I though it should work without installing any CA or whatever  (those are
> > > trustworthy CA)
> >
> > What browsers did you use for testing ?
> 
> I used F.F 3.5.3

Could you create debug log of the requests ?


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list