Daniel,

On 1/27/21 14:37, Daniel Skiles wrote:
> I'm currently running into some peculiar behavior with SNI, and I'm
> wondering if any of you might be able to offer suggestions. I'm not sure
> if it's a bad config, a bug, or a limitation of the software.
>
> I have a Tomcat instance that has two SSLHostConfig elements applied.
> The first is the default SSLHostConfig.
> The second SSLHostConfig has a hostName of HOST.domain.com. The
> Certificate entry for this SSLHostConfig contains a certificate that has
> HOST.domain.com in its SAN field.
>
> When I open Chrome and try to load https://HOST.domain.com/, the request
> that goes across the wire is for https://host.docfinity.com. I immediately
> receive a security warning from Chrome, and when I look at the certificate
> that's returned, it's the certificate for the default host config.
>
> Are SSLHostConfig.hostName attribute values case sensitive in Tomcat? I
> have looked through the documentation and it does not seem to specify
> either way.

Hostnames are, by RFC[1] definition, NOT case-sensitive. Those values
might be case-sensitive in Tomcat, though only accidentally.

Can you confirm a few things:

Using curl -v with HOST, do you get the right cert?
Using telnet/nc with HOST, do you get the right cert?

-chris
[1] https://tools.ietf.org/html/rfc4343