Saturday, December 29, 2018

Set default TLS SNI vhost for Apache 2.2 on CentOS 6

I have a CentOS 6 server with Apache (httpd-2.2.15-15.el6.centos.x86_64). Now I configured TLS SNI using OpenSSL and that was pretty easy.



Now I have two TLS vhosts on the same IP and I want to specify which one should be the default if the client does not support TLS SNI (yes, I'm looking at you, git/hg).



Looking at the Apache docs there should be at least two ways to do this:





  • set for the default host (and *:443 for all others)

  • set "SSLStrictSNIVHostCheck on" for the non-default hosts.



Unfortunately neither method works for me. Can someone explain to me how to achieve the goal anyway and why the two methods above don't work as I expected?
