One vhost two offered certificates?

Discussion in 'Installation/Configuration' started by dmgeurts, Jun 4, 2019.

  1. dmgeurts

    dmgeurts Member

    Just ran an SSL scan against one of my websites and was happy to see it A rated, but going over the details I see two server certificates were detected. One from the vhost and the other from the first vhost file (in alphabetical order) which doesn't apply to the domain I was testing. I'm not sure if they run a second test against the server IP address as that would likely have resulted in this second certificate being presented.

    Has anyone else seen this on their servers? As a side note, I guess it's high time I ensure the first vhost Apache uses as a catch all is not a client website...

    SSL Analisys in question:
  2. dmgeurts

    dmgeurts Member

    Another case of: I should know to read better. the second cert is listed as [no SNI], which means:
    Which confirms my hunch... Case closed.

Share This Page