Nginx serving extra ssl certs

Richard Stanway r1ch+nginx at teamliquid.net
Sun Mar 12 19:58:41 UTC 2017


Your configs look fine, what you are seeing is the certificate that is sent
if a client does not support SNI. You can control which certificate is
chosen using the default_server parameter on your listen directive.

On Sun, Mar 12, 2017 at 4:54 PM, Fabian A. Santiago <
fsantiago at garbage-juice.com> wrote:

> Hello nginx world,
>
> I hope you can help me track down my issue.
>
> First, I'm running:
>
> Centos 7.3.1611
> Nginx 1.11.10
> Openssl 1.0.1e-fips
>
> My issue is I run 11 virtual sites, all listening on both ipv4 & 6, same
> two addresses, so obviously I rely on SNI. One site also listens on tor.
>
> When I check the ssl responses using either ssllabs server test or openssl
> s_client, my sites work fine but also serve an extra 2nd cert meant for the
> wrong hostname. I'm confused as I see no issue with my config files.
>
> I've attached a sample of my config files for one site for your perusal.
>
> You can also check this domain for yourself:
>
> server1.garbage-juice.com
>
> Thanks for your help.
>
>
> --
> Thanks.
> Fabian S.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170312/0415cb67/attachment.html>


More information about the nginx mailing list