[Modules] Difficulty with Server Name Indication and ServerAlias

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Dec 5 06:22:56 EST 2008


I have Apache 2.2.9 and mod_gnutls 0.5.1 on a Debian "lenny"
system. Server Name Indication works for me except that it seems that
ServerAlias is not used to match a hostname with a certificate.

I have a virtual host configured as:

<VirtualHost *:443>
        ServerName svn.rd.nic.fr
        ServerAlias svn.generic-nic.net
        ServerAlias svn.langtag.net
        ...
        GnuTLSCertificateFile /etc/ssl/certs/ssl-cert-ALL-SVN.generic-nic.net.pem
        GnuTLSKeyFile /etc/ssl/private/ssl-cert-ALL-SVN.generic-nic.net.key

And getting to https://svn.rd.nic.fr/ gives me the right certificate
(ssl-cert-ALL-SVN.generic-nic.net.pem) but getting to
https://svn.langtag.net/ gives me the default certificate (I checked
the fingerprints and the expiration dates, both with gnutls-cli and
Firefox). 

(Your are welcome to test yourself, the right certificate has SHA1
9D:61:95:F4:2A:7B:EA:9F:0D:75:E4:EC:AB:63:1A:05:F1:A5:76:A0 and MD5
A9:AD:48:2C:2E:2D:E4:3B:BD:FA:7B:51:A9:C5:58:11, the default
certificate of the site has SHA1
81:8D:09:3E:DC:5B:E1:EC:4D:82:C2:18:F0:56:36:DD:E0:90:D6:06 and MD5
F5:78:88:D7:EF:CA:38:92:F3:40:B9:67:D4:B6:48:E6)

I'm pretty sure that ServerAlias worked before and I wonder what could
have break recently? New version of mod_gnutls? Stupid configuration
error from my side?



More information about the Modules mailing list