Hello and thanks in advance for the help!
Here’s the issue I’ve installed an ssl cert (from godaddy onto apache hosted on an ec2 instance). In all cases with the exception of IE9 it works fine. IE9 is showing a domain mismatch error. Quayls shows the same
https://www.ssllabs.com/ssldb/analyze.html?d=https%3A%2F%2Famplify-social.com&hideResults=on
Both show a secured domain of domU-12-31-39-10-61-F2 instead of http://www.amplify-social.com which is a SAN
All others show a correct cert http://www.sslshopper.com/ssl-checker.html#hostname=www.amplify-social.com
I’m assuming whatever method quayls is using to judge the mismatch is the same as IE9, but I can’t for the life of me figure out how to remedy it.
You’re visibly using multiple certificates on your server, expecting Server Name Indication, whereby the client requests a specific host name when initiating the connection.
Some clients don’t support this (any version of Internet Explorer on Windows XP, Java up to version 7 (at least), .Net’s
SslStreamup to version 4.5 (at least) and some mobile devices amongst others).When this extension isn’t sent by the client, the server falls back to its default certificate. In this case, it falls back to a certificate valid for
domU-....You can check this with OpenSSL using:
(Try with and without the server name option.)
Unless you are actually hosting something on
domU-...as well, remove that virtualhost and make the one for your main website the default (or don’t make it the default). Of course, if you’re expecting to be able to serve multiple SSL-enabled virtual hosts on the same IP address (and port), this will cause problems: without SNI, you can only use one.