
SNI: ssl_error_bad_cert_domain on https://<IP>

February 28, 2015 12:51PM
premisses
-------------

nginx version: nginx/1.7.10
TLS SNI support enabled
Serving vhosts
each vhost has own registered certificate
each vhost works as expected

task
-----

Obtain 444 from [http|https]://<IP-ADDRESS>.

case http://<IP-ADDRESS>
--------------------------------------

configuration:

    server {
        listen 80;
        server_name _;
        root /dev/null;
        return 444;
    }

It returns 444, and we are happy about it.


case https://<IP-ADDRESS>
---------------------------------------

No additional configuration.

It returns the following:

< <IP-ADDRESS> uses an invalid security certificate.
< The certificate is only valid for the following names:
<
< www.example.com example.com
<
< (Error code: ssl_error_bad_cert_domain)

where "example.com" is a random? host from our pool of vhosts, and
its registered certificate is served for the IP-ADDRESS by nginx's SNI.
Indeed, this is the problem at hand.

The following does not help at all,

    server {
        #listen 80;
        listen 443 ssl;
        ssl_certificate_key /etc/ssl/<IP-ADDRESS>/www.key;
        ssl_certificate /etc/ssl/<IP-ADDRESS>/www.pem;
        server_name _;
        root /dev/null;
        return 444;
    }

For the sake of proper administration, www.key/pem is a self-signed
certificate with included e-mail "hostmaster@<IP-ADDRESS>", and
an e-mail address has been created on purpose.

Can you replicate this problem?
Are there any known solutions?

Thank you for your time.
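
An added example, not part of the original post: nginx answers a TLS connection that carries no matching SNI name with the default server of the listen socket, which is the first server block defined for it unless one is marked `default_server`, so a catch-all needs that flag on `listen 443`. The certificate paths are the ones from the post; `ssl_reject_handshake` exists only from nginx 1.19.4, later than the 1.7.10 in the post, so variant B assumes an upgrade.

```nginx
# As posted: without default_server, the first server block nginx read for
# port 443 remains the default, and its certificate is what a client that
# connects by IP address receives. "server_name _" is only a name that never
# matches; it does not make a block the catch-all.
#
#   server {
#       listen 443 ssl;
#       server_name _;
#       ...
#   }

# Variant A (works on 1.7.10): make the catch-all the default for 443.
server {
    listen 443 ssl default_server;
    server_name _;

    # Self-signed placeholder certificate. The handshake still completes
    # before "return 444" can run, so a browser still shows a certificate
    # warning, but no vhost certificate (and no vhost name) is disclosed.
    ssl_certificate     /etc/ssl/<IP-ADDRESS>/www.pem;
    ssl_certificate_key /etc/ssl/<IP-ADDRESS>/www.key;

    return 444;
}

# Variant B (nginx 1.19.4 or later), to be used INSTEAD of variant A, since
# only one block per listen socket may carry default_server: abort the
# handshake itself, so no certificate is sent and none has to be configured.
#
#   server {
#       listen 443 ssl default_server;
#       ssl_reject_handshake on;
#   }
```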
Subject Author Posted

SNI: ssl_error_bad_cert_domain on https://<IP>

173279834462 February 28, 2015 12:51PM