SSL SNI Setup & Errors

Discussion in 'Linux Support: RHEL, CentOS, SUSE etc' started by Rudi, Mar 2, 2015.

  1. Rudi

    Rudi New Member

    Hi All,

    I am having some issues setting up SSL on my new test server, looking for some help from the community if possible.

    • 443 listener with one of the SSL certs attached to that listener
    • 2 virtual hosts
      • with the same SSL attached as the listener
      • with another SSL attached different to the above
      • SPDY2 / 3 / HTTP2 activated
      • TLS 1 / 1.1 / 1.2
      • ECDHE-RSA-AES128-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH as the Ciphers
      • Both have the same document root but different directories for the setup and separate XML files (obviously)
    • In Chrome I get the following errors
    • For I get a mis-match in the certificate
    • In Safari I don't get the first error
    Any hints? I have had this working before, but can't seem to replicate.
  2. lsmichael

    lsmichael Active Member

    Talked around. This is probably two separate errors (we think).
    This error probably means that your cipher suite is too weak for Chrome's requirements. (Safari may have more relaxed requirements.) Try turning off SPDY and HTTP/2 and see if it still happens.
    • For I get a mis-match in the certificate
    This error, on the other hand, is almost certainly a misconfiguration of the SNI setup. Make sure the vhost is properly mapped in the listener. The mapping should be to "".
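
An added example, not part of any post in this thread: HTTP/2 (RFC 7540, section 9.2.2) lets a client reject a TLS 1.2 connection whose negotiated suite lacks an ephemeral key exchange or an AEAD cipher, which is one way a cipher list ends up "too weak" only when SPDY/HTTP2 is enabled. The sketch assumes the server selects by its own preference order; the suite lists are constructed samples, and the thread does not show which suite was actually added.

```python
import ssl

# OpenSSL-style suite names. AEAD modes and ephemeral key exchanges, as
# RFC 7540 section 9.2.2 / Appendix A require for HTTP/2 over TLS 1.2.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")

# Constructed samples. The first SERVER_BEFORE entry is the explicit suite
# from the question; the rest stand in for what RC4 and HIGH may expand to.
SERVER_BEFORE = ["ECDHE-RSA-AES128-SHA256", "RC4-SHA", "AES256-SHA"]
# Assumption: an ECDHE + AES-GCM suite is placed ahead of the old list.
SERVER_AFTER = ["ECDHE-RSA-AES128-GCM-SHA256"] + SERVER_BEFORE
CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256", "AES256-SHA"]


def http2_acceptable(suite):
    """True if the suite is outside the RFC 7540 Appendix A blocklist."""
    if suite.startswith("TLS_"):  # OpenSSL's TLS 1.3 names: always AEAD + ephemeral
        return True
    return suite.startswith(EPHEMERAL_PREFIXES) and any(m in suite for m in AEAD_MARKERS)


def negotiate(server_pref, client_offer):
    """First suite in the server's order that the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_pref if s in offered), None)


def diagnose(server_pref, client_offer):
    """Return (negotiated suite, whether an HTTP/2 client may accept it)."""
    chosen = negotiate(server_pref, client_offer)
    return chosen, chosen is not None and http2_acceptable(chosen)


def expand(cipher_string):
    """Expand a cipher string with the local OpenSSL build, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


if __name__ == "__main__":
    print("before:", diagnose(SERVER_BEFORE, CLIENT))
    print("after: ", diagnose(SERVER_AFTER, CLIENT))
    # The expansion depends on the OpenSSL version installed locally.
    for name in expand("ECDHE-RSA-AES128-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"):
        print("ok " if http2_acceptable(name) else "bad", name)
```

Running the script also lists every suite the question's cipher string expands to on the local OpenSSL build, flagged by whether an HTTP/2 client would accept it.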

  3. gen

    gen New Member

    I have the same problem:
    When "Enable SPDY/HTTP2" is "None" SSL works fine, but when I check any of "SPDY/2", "SPDY/3", or "HTTP/2" I have error "net::ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY"
  4. eva2000

    eva2000 Member


  5. gen

    gen New Member

    Thanks for the reply, eva2000.
    I resolved my problem by adding this cipher suite:

  6. Rudi

    Rudi New Member

    Thanks both, my problem is solved as well now!
  7. Rudi

    Rudi New Member

    My last problem is I get a certificate error only in iOS Safari - cannot verify server identity - even though the certificate name and domain match. I looked at the details of the cert and all looks OK, baffled why that would be...
  8. Rudi

    Rudi New Member

    Does anyone know how to install an intermediate certificate?
