NGINX1.2.1 SNI provides wrong server certificate

ukr nginx-forum at
Mon Aug 4 05:53:15 UTC 2014

Hi there,
we configured NGINX 1.2.1 on debian 7.1u1 with 5 virtual host, set up a
private certification authority, generated keys for all the the virt. host
and configured the hosts similar to
server {

 listen 443;

 ssl on;
 ssl_certificate      /etc/nginx/ssl/;
 ssl_certificate_key  /etc/nginx/ssl/;

 ssl_protocols        SSLv3 TLSv1 SSLv2;
 ssl_prefer_server_ciphers   on;
 ssl_session_cache    shared:SSL:50m;
 ssl_session_timeout  5m;
However if we try to access server1 via curl -v -k

we get a wrong server certificate:

Connected to port 443 (#0)
* TLS 1.0 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* Server certificate: OUR CA
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host:
> Accept: */*

What is wrong in our config?

Thanks in advance

Posted at Nginx Forum:,252256,252256#msg-252256

More information about the nginx mailing list