Re: NGINX1.2.1 SNI provides wrong server certificate

Maxim Dounin
August 04, 2014 09:08AM
Hello!

On Mon, Aug 04, 2014 at 01:53:15AM -0400, ukr wrote:

> Hi there,
> we configured NGINX 1.2.1 on debian 7.1u1 with 5 virtual hosts, set up a
> private certification authority, generated keys for all the virt. hosts
> and configured the hosts similar to
> server {
>
> listen 443;
> server_name server1.foo.baz.bar;
>
> ssl on;
> ssl_certificate /etc/nginx/ssl/server1.foo.baz.bar.pem;
> ssl_certificate_key /etc/nginx/ssl/server1.foo.baz.bar.key;
>
> ssl_protocols SSLv3 TLSv1 SSLv2;
> ssl_ciphers
> ALL:!ADH:!EXPORT56:!kEDH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
> ssl_prefer_server_ciphers on;
> ssl_session_cache shared:SSL:50m;
> ssl_session_timeout 5m;
> ...
> }
> However if we try to access server1 via curl -v -k
> https://server1.foo.baz.bar
>
> we get a wrong server certificate:
>
> Connected to server1.baz.bar(...) port 443 (#0)
> * TLS 1.0 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> * Server certificate: server2.baz.bar
> * Server certificate: OUR CA
> > GET / HTTP/1.1
> > User-Agent: curl/7.30.0
> > Host: server1.baz.bar
> > Accept: */*
>
> What is wrong in our config?

First of all, I would recommend that you test whether the client you are
testing with is able to use SNI. E.g., curl as available in the
latest OS X seems not to be able to use SNI.

--
Maxim Dounin
http://nginx.org/
