[Modules] IE and FF not loading the same certs

Steven Chamberlain steven at pyro.eu.org
Fri Jul 25 20:11:18 EDT 2008


Hi,

ray at cayuse.com wrote:
> when you look at them with IE6 ot IE7 then only the cert that is in 
> the first listed <VirtualHost *:443> block gets loaded

I think that's what happens when the client doesn't support SNI (Server
Name Indication).  Without it there is no way for the server to know
which virtual host the client wants to access (because the SSL
negotiation must happen before the HTTP Host header is sent).  And so
for many years SSL servers have used separate IPs for each virtual host
to work around that.

Firefox supports SNI in the 2.x versions I've tested.  The last time I
tested IE6 it did not.  That would fit in with what you're seeing.  But
I was under the impression IE7 did support SNI.  Are you using the
latest available version of IE7?  I have 7.0.5730.13 here, and SNI seems
to work fine, and so I've not had any problems using it with mod_gnutls.

Regards,
-- 
Steven Chamberlain
steven at pyro.eu.org



More information about the Modules mailing list