AnsweredAssumed Answered

Combining ECC and "regular" certificate on same IP

Question asked by Alexander Hoogerheide on Aug 12, 2014
Latest reply on Sep 5, 2014 by Ivan Ristić

I am doing some testing on Elliptic Curve Cryptography certificates. And although everything seems to work. The public Qualys SSL Report encounters an error every time before the run completes.

Assessment failed: Unexpected failure

 

However when I just browse to the site it seems to just work fine. Except from the fact it is signed by an untrusted CA. But for testing purposes I don't consider that a problem currently.

 

Setup:

- nginx 1.7.4 with openSSL 1.0.1i (SNI support enabled)

- gyas.nl: "primary" site, regular certificate signed by trusted CA, set as default_server in nginx config. Test works

- gyaswintdevarsity.nl: test-site, regular certificate signed by trusted CA, only accessible by SNI-enabled clients. Test works

- aegirwintdevarsity.nl: test-site, ECC certificate signed by untrusted CA, only accessible by SNI-enabled clients. Test fails

 

I have also tested the ECC certificate seperately with the same config. And then the Qualys SSL Report completes just fine.

Is there somethin I should adjust when setting up an ECC certificate on a shared SSL-IP?

Outcomes