If you have run the Qualys SSL Test, you may have seen the following errors in your report:
- Client aborts on SNI unrecognized_name warning
- Incorrect SNI alerts
If your unsure what SNI is all about, then the following quote from Wikipedia should bring you up to speed:
“Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which site is being requested.”
If your running Apache, you can address this issue by insuring the correct site names are contained within the Virtual Host configuration. For example, it maybe appropriate to add this configuration to a .conf file relating to the site in question, eg /etc/apache2/sites-enabled/default-ssl.conf:
Enter the below within the section: VirtualHost ServerName www.example.com ServerAlias example.com www.example.com
You will need to restart Apache to apply the changes:
service apache2 restart
Hope this helps, if so please consider letting me know (below) or sharing.
It was solved to this article.
worked nicely, thanks for the fix.
Great, glad it helped. I will consider posting more like this.