
SSL Server Test: how is an SNI enabled server tested ?

Question asked by Dirk B. on Mar 2, 2014
Latest reply on Mar 3, 2014 by j-mailor

I just wondered why some other tests, e.g. http://www.digicert.com/help/, are passed for my domain "24max.de", but the 'SSL Server Test' here throws an error "Certificate name mismatch" pointing to the server name itself, "server1.24max.de" (the one entered in the DNS)?

The server is an older Debian 6 with Apache 2.2 with SNI (one IP, many domain names).

It is stated:
"This web site does not have a properly configured SSL server. We were able to retrieve more than one certificate, but the domain names listed in them do not match the domain name you requested us to inspect (24max.de)"

This is not true: at least one certificate is as follows:

Common Name = www.24max.de

Subject Alternative Names = www.24max.de, 24max.de, *.24max.de

Issuer = StartCom Class 2 Primary Intermediate Server CA

Serial Number = 01F3D0

SHA1 Thumbprint = D164A5B423281C602DE4CB530D442ADA74D5FD65

Key Length = 2048 bit

Signature algorithm = SHA1 + RSA (good)

Secure Renegotiation: Supported

 

as one can easily see in any modern browser and on http://www.digicert.com/help/.
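As an added example (not part of the original post, and not code from any of the tools named in it), the sketch below checks which hostnames the SAN list quoted above covers and how the result changes when a client does or does not send the SNI extension to a name-based server. The default certificate's name, the function names and the simplified certificate-selection rule are assumptions made for illustration.

```python
from typing import List, Optional

# SAN list quoted in the post above.
POSTED_CERT = ["www.24max.de", "24max.de", "*.24max.de"]
# Constructed stand-in for whatever certificate the default vhost serves.
DEFAULT_CERT = ["default-vhost.example"]


def name_matches(pattern: str, hostname: str) -> bool:
    """Check one SAN dNSName against a hostname (RFC 6125 style, simplified)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, with two or more labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(sans: List[str], hostname: str) -> bool:
    """True if any SAN entry of the certificate covers the hostname."""
    return any(name_matches(s, hostname) for s in sans)


def served_cert(sni: Optional[str], vhost_certs: List[List[str]],
                default: List[str]) -> List[str]:
    """Simplified name-based server: return the first vhost certificate that
    covers the SNI name; with no SNI (or no match) return the default one."""
    if sni is not None:
        for sans in vhost_certs:
            if cert_covers(sans, sni):
                return sans
    return default


def handshake_ok(hostname: str, send_sni: bool) -> bool:
    """Would a client asking for hostname accept the certificate it is handed?"""
    sni = hostname if send_sni else None
    cert = served_cert(sni, [POSTED_CERT], DEFAULT_CERT)
    return cert_covers(cert, hostname)


if __name__ == "__main__":
    for host in ("24max.de", "www.24max.de", "server1.24max.de"):
        print(host, "| with SNI:", handshake_ok(host, True),
              "| without SNI:", handshake_ok(host, False))
```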
